A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12396
Acknowledgments: Name: the Mozilla project Upstream: Rob Wu
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3005 https://access.redhat.com/errata/RHSA-2018:3005
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:3006 https://access.redhat.com/errata/RHSA-2018:3006