exploitDog

CVE-2017-5389

Published: 11 Jun 2018
Source: debian
EPSS: Low

Description

WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 51.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| firefox | fixed | 51.0-1 | | package |
| firefox-esr | not-affected | | | package |

Notes

  • https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5389

EPSS

Percentile: 58%
0.00374
Low

Related vulnerabilities

CVSS3: 6.1
ubuntu
about 7 years ago

WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 51.

CVSS3: 6.1
nvd
about 7 years ago

WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 51.

CVSS3: 6.1
github
about 3 years ago

WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 51.

suse-cvrf
more than 8 years ago

Security update for MozillaFirefox
