The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. This vulnerability affects Firefox < 58.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 17.10 |