WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60.
https://bugzilla.mozilla.org/show_bug.cgi?id=1437325
https://usn.ubuntu.com/3645-1/