Universal XSS (UXSS) vulnerability in Mozilla Firefox before 46.0
CVE-2016-2817 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) data: URL.
Learn more about our Cis Benchmark Audit For Google Chrome.