| Revision Date: | 2017-03-03 | Version: | 3 |
| Title: | WebExtensions can install additional add-ons via modified host requests - CVE-2017-5389 |
| Description: | WebExtensions could use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. |
| Family: | windows | Class: | vulnerability |
| Status: | DRAFT | Reference(s): | CVE-2017-5389
|
| Platform(s): | Microsoft Windows 10
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Vista
Microsoft Windows XP
| Product(s): | Mozilla Firefox
|
| Definition Synopsis |
| Mozilla Firefox Mainline release is installed AND Check if Mozilla Firefox Mainline version less than 51.0.0
|