By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.

Related CVEs

CVE-2018-12395

Key Information

GHSA ID

GHSA-vw7x-c78h-8w2r

Published

May 13, 2022 1:49 AM

Last Modified

May 13, 2022 1:49 AM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 17, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.