Security Advisory

CVE-2017-5389

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-06-11 21:00:00

Last updated 2024-08-05 14:55:35

Assigner mozilla

State PUBLISHED

Description

WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 51.

← Browse all CVEs View on cve.org ↗