HTTPMonitor extension allows for remote debugging without explicit activation — Mozilla

Mozilla security researcher Mark Goodwin discovered an issue with the Firefox developer tools’ debugger. If remote debugging is disabled, but the experimental HTTPMonitor extension has been installed and enabled, a remote user can connect to and use the remote debugging service through the port used by HTTPMonitor. A remote-enabled flag has been added to resolve this problem and close the port unless debugging is explicitly enabled.