CVE-2016-9075: Critical severity firefox vulnerability

Q: What is the vulnerability ID?

The vulnerability ID is CVE-2016-9075.

Q: What is the severity of CVE-2016-9075?

The severity of CVE-2016-9075 is critical with a CVSS score of 9.8.

Q: How does CVE-2016-9075 affect Firefox?

CVE-2016-9075 affects Firefox versions before 50.0.

Q: What is the impact of CVE-2016-9075?

CVE-2016-9075 allows a malicious extension to install additional extensions without explicit user permission.

Q: Are there any references for CVE-2016-9075?

Yes, you can find references for CVE-2016-9075 at the following links: [1] [2] [3].

Published Nov 15, 2016

Updated

An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission.

Affected Software

2 affected componentsFixes available

Mozilla Firefox<50

Mozilla Firefox<50.0

Event History

Nov 15, 2016

CVE Published

12:00 AM

Jun 11, 2018

CVE Published

via MITRE·09:00 PM

Data Sourced

via MITRE·09:00 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

MFSA2016-89

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the vulnerability ID?

The vulnerability ID is CVE-2016-9075.

What is the severity of CVE-2016-9075?

The severity of CVE-2016-9075 is critical with a CVSS score of 9.8.

How does CVE-2016-9075 affect Firefox?