Описание
An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 50.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 50.0.2+build1-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [50.0+build2-0ubuntu0.14.04.2]] |
| precise | released | 50.0+build2-0ubuntu0.12.04.2 |
| trusty | released | 50.0+build2-0ubuntu0.14.04.2 |
| trusty/esm | DNE | trusty was released [50.0+build2-0ubuntu0.14.04.2] |
| upstream | released | 50.0 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | released | 50.0+build2-0ubuntu0.16.04.2 |
| yakkety | released | 50.0+build2-0ubuntu0.16.10.2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected] |
| precise | not-affected | |
| trusty | not-affected | |
| trusty/esm | DNE | trusty was not-affected |
| upstream | not-affected | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | not-affected | |
| yakkety | not-affected |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 50.
An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 50.
An issue where WebExtensions can use the mozAddonManager API to elevat ...
An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 50.
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3