The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 999 | all | firefox | < 51.0-1 | firefox_51.0-1_all.deb |
Debian | 12 | all | firefox-esr | < 45.7.0esr-1 | firefox-esr_45.7.0esr-1_all.deb |
Debian | 11 | all | firefox-esr | < 45.7.0esr-1 | firefox-esr_45.7.0esr-1_all.deb |
Debian | 10 | all | firefox-esr | < 45.7.0esr-1 | firefox-esr_45.7.0esr-1_all.deb |
Debian | 999 | all | firefox-esr | < 45.7.0esr-1 | firefox-esr_45.7.0esr-1_all.deb |
Debian | 13 | all | firefox-esr | < 45.7.0esr-1 | firefox-esr_45.7.0esr-1_all.deb |