CVE-2006-6585 - The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extension

CVE-2006-6585

Summary

The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. NOTE: it was later reported that 3.0 is also affected.

References

Vulnerable Configurations

cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*

CVSS

Base:	6.4 (as of 17-10-2018 - 21:49)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:P

refmap via4

bugtraq	20061210 Firefox 2.0 security bug: Extensions can hide themself 20080623 Firefox 3.0 security bug: Extensions can STILL hide themselves
misc	http://azurit.elbiahosting.sk/ffsniff/ffsniff-0.2.tar.gz
sreason	2046

Last major update

17-10-2018 - 21:49

Published

15-12-2006 - 19:28

Last modified

17-10-2018 - 21:49