Peter Arremann

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 42.0 **Description** The issue is related to errors in security settings within the Add-on SDK of Mozilla Firefox. It allows a remote attacker to conduct cross-site scripting (XSS) attacks using specially crafted JavaScript code. The vulnerability arises from the misinterpretation of a "script: false" panel setting, making it easier for attackers to execute inline JavaScript code within third-party extensions. **Recommendations** For versions prior to 42.0, update to version 42.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of third-party extensions until the update is applied.