A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.

Related CVEs

CVE-2018-12396

Key Information

GHSA ID

GHSA-5c59-7337-gvv9

Published

May 13, 2022 1:49 AM

Last Modified

May 13, 2022 1:49 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 12, 2025 6:34 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.