When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 999 | all | firefox | < 84.0-1 | firefox_84.0-1_all.deb |
Debian | 12 | all | firefox-esr | < 78.6.0esr-1 | firefox-esr_78.6.0esr-1_all.deb |
Debian | 11 | all | firefox-esr | < 78.6.0esr-1 | firefox-esr_78.6.0esr-1_all.deb |
Debian | 10 | all | firefox-esr | < 78.6.0esr-1~deb10u1 | firefox-esr_78.6.0esr-1~deb10u1_all.deb |
Debian | 999 | all | firefox-esr | < 78.6.0esr-1 | firefox-esr_78.6.0esr-1_all.deb |
Debian | 13 | all | firefox-esr | < 78.6.0esr-1 | firefox-esr_78.6.0esr-1_all.deb |
Debian | 12 | all | thunderbird | < 1:78.6.0-1 | thunderbird_1:78.6.0-1_all.deb |
Debian | 11 | all | thunderbird | < 1:78.6.0-1 | thunderbird_1:78.6.0-1_all.deb |
Debian | 10 | all | thunderbird | < 1:78.6.0-1~deb10u1 | thunderbird_1:78.6.0-1~deb10u1_all.deb |
Debian | 999 | all | thunderbird | < 1:78.6.0-1 | thunderbird_1:78.6.0-1_all.deb |