Closed MrGoatsy closed 1 year ago
The Mozilla reviewer spotted an XSS vulnerability in the code and took it down. I have fixed the bug in https://github.com/ajayyy/DeArrow/releases/tag/1.2.6 and now we will have to wait for them to review it.
The good news is that no one has abused this, and there is a server-side mitigation to make it so it can't be abused even on older extension versions.
Why did it get removed?