Data Protocol Exploitation: Cross-Extension Data Disclosure and Privilege Escalation in Firefox ESR < 45.7 and Firefox < 51

Data Protocol Exploitation: Cross-Extension Data Disclosure and Privilege Escalation in Firefox ESR < 45.7 and Firefox < 51

CVE-2017-5386 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.

Learn more about our Web Application Penetration Testing UK.