ASA-2019-00439 – Mozilla Firefox: Activity Stream writes unsanitized content to innerHTML

Activity Stream can display content sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper Service were compromised.