Mozilla Firefox before 55.0 :- JavaScript in the about:webrtc page is not sanitized properly being assigned to innerHTML. Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting (XSS) attack.