CVE-2016-9075

Severity CVSS v4.0:
Pending analysis
Type:
CWE-264 Permissions, Privileges, and Access Control
Publication date:
11/06/2018
Last modified:
08/08/2018

Description

An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* 50.0 (excluding)