Privilege Escalation via mozAddonManager API in Firefox < 50

CVE-2016-9075 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 50.

Learn more about our Web App Pen Testing.