| Vulnerability Name: | CVE-2006-6585 (CCN-39932) | ||||||||
| Assigned: | 2006-12-10 | ||||||||
| Published: | 2006-12-10 | ||||||||
| Updated: | 2018-10-17 | ||||||||
| Summary: | The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. Note: it was later reported that 3.0 is also affected. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P) 5.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:U/RC:UR)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Other | ||||||||
| References: | Source: MISC Type: UNKNOWN http://azurit.elbiahosting.sk/ffsniff/ffsniff-0.2.tar.gz Source: MITRE Type: CNA CVE-2006-6585 Source: SREASON Type: UNKNOWN 2046 Source: CCN Type: Mozilla Web site Firefox web browser Source: CCN Type: OSVDB ID: 35912 Mozilla Firefox Extension Manager RemoveElement Extension Concealment Source: BUGTRAQ Type: UNKNOWN 20061210 Firefox 2.0 security bug: Extensions can hide themself Source: BUGTRAQ Type: UNKNOWN 20080623 Firefox 3.0 security bug: Extensions can STILL hide themselves Source: CCN Type: BugTraq Mailing List, Dec 10 2006 03:45PM Firefox 2.0 security bug: Extensions can hide themself Source: XF Type: UNKNOWN firefox-extensions-weak-security(39932) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||