Back to search
CVE-2006-6585
Published: Dec 15, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. NOTE: it was later reported that 3.0 is also affected.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20061210 Firefox 2.0 security bug: Extensions can hide themself
mailing-list
x_refsource_BUGTRAQ
http://azurit.elbiahosting.sk/ffsniff/ffsniff-0.2.tar.gz
x_refsource_MISC
20080623 Firefox 3.0 security bug: Extensions can STILL hide themselves
mailing-list
x_refsource_BUGTRAQ
2046
third-party-advisory
x_refsource_SREASON
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now