Andrew Swan

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 60.3 Firefox versions prior to 63 **Description** The issue is related to a lack of access control in the WebExtensions system for Firefox browsers. It allows a WebExtension to bypass domain restrictions through domain fronting by rewriting the Host: request headers using the `webRequest` API. This could enable access to restricted domains that share a host. **Recommendations** For Firefox ESR versions prior to 60.3, update to version 60.3 or later. For Firefox versions prior to 63, update to version 63 or later.