Privilege Escalation via mozAddonManager API in Firefox < 50
CVE-2016-9075 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 50.
Learn more about our Web App Pen Testing.