Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. <br>*This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.*. This vulnerability affects Firefox < 97.
El agente remoto, utilizado en WebDriver, no validó los encabezados Host u Origin. Esto podría haber permitido que los sitios web se conectaran localmente al navegador del usuario para controlarlo. <br>*Este error solo afectó a Firefox cuando WebDriver estaba habilitado, que no es la configuración predeterminada.*. Esta vulnerabilidad afecta a Firefox en versiones < 97.
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, obtain sensitive information, or execute arbitrary code. It was discovered that extensions of a particular type could auto-update themselves and bypass the prompt that requests permissions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to bypass security restrictions.
