Vulnerabilities > CVE-2006-6585 - Remote Security vulnerability in Mozilla Firefox 2.0/3.0

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

mozilla

NVD

Published: 2006-12-15

Updated: 2018-10-17

Summary

The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. NOTE: it was later reported that 3.0 is also affected.

Vulnerable Configurations

Part	Description	Count
Application	Mozilla Mozilla Firefox 2.0 Mozilla Firefox 3.0	2

References

http://azurit.elbiahosting.sk/ffsniff/ffsniff-0.2.tar.gz
http://securityreason.com/securityalert/2046
http://www.securityfocus.com/archive/1/454058/100/0/threaded
http://www.securityfocus.com/archive/1/493585/100/0/threaded