Mozilla · Firefox · CVE-2018-12395
**Name of the Vulnerable Software and Affected Versions**
Firefox ESR versions prior to 60.3
Firefox versions prior to 63
**Description**
The issue is a lack of access control in the WebExtensions system for Firefox browsers. It allows a WebExtension to bypass domain restrictions through domain fronting by rewriting the `Host:` request header using the `webRequest` API. This could enable access to restricted domains that share a host.
**Recommendations**
For Firefox ESR versions prior to 60.3, update to version 60.3 or later.
For Firefox versions prior to 63, update to version 63 or later.
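A triage helper for the two points above, added here as an example and not taken from Mozilla or from this advisory: it checks a Firefox version against the affected ranges listed on this page and flags extensions whose manifest lets them modify request headers. The function names and sample manifests are constructed; the assumption that header modification needs `webRequest`, `webRequestBlocking` and a host permission comes from the WebExtensions API documentation, not from this page.

```javascript
// Added example (not Mozilla code). Affected ranges come from the advisory text.
function parseVersion(v) {
  // "60.2.1esr" -> [60, 2, 1]; missing components count as 0
  const parts = String(v).replace(/esr$/i, "").split(".").map((p) => parseInt(p, 10));
  if (parts.some(Number.isNaN)) throw new Error("bad version: " + v);
  while (parts.length < 3) parts.push(0);
  return parts;
}

function isAffectedFirefox(version, isEsr) {
  const [major, minor] = parseVersion(version);
  if (isEsr) return major < 60 || (major === 60 && minor < 3); // ESR prior to 60.3
  return major < 63;                                           // release prior to 63
}

// Match patterns such as "<all_urls>" or "*://*.example.com/*" grant host access.
const HOST_PATTERN = /^(<all_urls>$|(\*|https?|wss?|ftp|file):\/\/)/;

function canRewriteRequestHeaders(manifest) {
  const perms = manifest.permissions || [];
  const hosts = perms.filter((p) => HOST_PATTERN.test(p));
  // Assumption: blocking webRequest access is what allows header changes.
  const blocking = perms.includes("webRequest") && perms.includes("webRequestBlocking");
  return { blocking, hosts, risky: blocking && hosts.length > 0 };
}

function triage(manifest, firefoxVersion, isEsr) {
  const ext = canRewriteRequestHeaders(manifest);
  const affectedBrowser = isAffectedFirefox(firefoxVersion, isEsr);
  // Review only when an affected browser runs an extension able to rewrite headers.
  return { name: manifest.name, affectedBrowser, ...ext, review: affectedBrowser && ext.risky };
}

// Constructed sample manifests (manifest.json contents, already parsed).
const SAMPLE_MANIFESTS = [
  { name: "header-tool (constructed)", permissions: ["webRequest", "webRequestBlocking", "<all_urls>"] },
  { name: "tab-counter (constructed)", permissions: ["tabs", "storage"] },
  { name: "observer (constructed)", permissions: ["webRequest", "*://*.example.com/*"] },
];

for (const m of SAMPLE_MANIFESTS) {
  const r = triage(m, "62.0.3", false);
  console.log(`${r.name}: affected browser=${r.affectedBrowser}, review=${r.review}`);
}
```

Updating the browser as recommended above clears the `affectedBrowser` flag for every extension; the manifest check only helps prioritise review on hosts that cannot be updated immediately.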