The Extensions manager in Mozilla Firefox 2.0 does not...
Moderate severity
Unreviewed
Published
May 1, 2022
to the GitHub Advisory Database
•
Updated Jan 31, 2023
Description
Published by the National Vulnerability Database
Dec 15, 2006
Published to the GitHub Advisory Database
May 1, 2022
Last updated
Jan 31, 2023
The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. NOTE: it was later reported that 3.0 is also affected.
References