Security Advisory

CVE-2020-35111

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-01-07 13:50:26

Last updated 2024-08-04 16:55:10

Assigner mozilla

State PUBLISHED

Description

When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

← Browse all CVEs View on cve.org ↗