Universal XSS (UXSS) vulnerability in Mozilla Firefox before 46.0

CVE-2016-2817 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) data: URL.

Learn more about our Cis Benchmark Audit For Google Chrome.