WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. External References: https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9073
Acknowledgments: Name: the Mozilla project Upstream: Will Bamberg
Statement: This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.