Activity Stream can display content from sent from the Snippet Service website. This content is written to `innerHTML` on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper Service were compromised.
Name: the Mozilla project
Upstream: Mark Banner
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):