WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.
{
"binaries": [
{
"binary_name": "firefox",
"binary_version": "51.0.1+build2-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-dev",
"binary_version": "51.0.1+build2-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-globalmenu",
"binary_version": "51.0.1+build2-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "51.0.1+build2-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-testsuite",
"binary_version": "51.0.1+build2-0ubuntu0.14.04.1"
}
],
"availability": "No subscription required"
}
{
"binaries": [
{
"binary_name": "firefox",
"binary_version": "51.0.1+build2-0ubuntu0.16.04.1"
},
{
"binary_name": "firefox-dev",
"binary_version": "51.0.1+build2-0ubuntu0.16.04.1"
},
{
"binary_name": "firefox-globalmenu",
"binary_version": "51.0.1+build2-0ubuntu0.16.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "51.0.1+build2-0ubuntu0.16.04.1"
},
{
"binary_name": "firefox-testsuite",
"binary_version": "51.0.1+build2-0ubuntu0.16.04.1"
}
],
"availability": "No subscription required"
}