A Firefox security flaw originally judged to be of low severity has been upgraded to high, but Firefox 184.108.40.206 which will be available shortly, according to the Mozilla Security Blog, will include a fix for the problem.
The vulnerability, known formally as the chrome protocol directory transversal, concerns the so-called flat add-ons that store their components in multiple files instead of using a single .jar file. A flaw in the way the program handles the chrome protocol could allow an attacker to retrieve data from a compromised system.
The vulnerability is not within the browser, according to Mozillas chief of security Window Snyder, but in how the extensions are written. You can check out a list of affected extensions at Mozillas website while you wait for the next Firefox update.