CVE-2006-6585
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/12/2006
Last modified:
09/04/2025
Description
The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. NOTE: it was later reported that 3.0 is also affected.
Impact
Base Score 2.0
6.40
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://azurit.elbiahosting.sk/ffsniff/ffsniff-0.2.tar.gz
- http://securityreason.com/securityalert/2046
- http://www.securityfocus.com/archive/1/454058/100/0/threaded
- http://www.securityfocus.com/archive/1/493585/100/0/threaded
- http://azurit.elbiahosting.sk/ffsniff/ffsniff-0.2.tar.gz
- http://securityreason.com/securityalert/2046
- http://www.securityfocus.com/archive/1/454058/100/0/threaded
- http://www.securityfocus.com/archive/1/493585/100/0/threaded