Activity Stream can display content from sent from the...
Moderate severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Jan 31, 2023
Description
Published by the National Vulnerability Database
Jul 23, 2019
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Jan 31, 2023
Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper Service were compromised. This vulnerability affects Firefox < 68.
References