Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value


Disclosure Date: June 11, 2018 (last updated October 06, 2023)
If the "" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This stored preference is also executed whenever an EME video player plugin displays a CDM-disabled message as a notification message. This vulnerability affects Firefox < 59.