WebExtensions Exploit: Persistent ServiceWorker Installation in Firefox < 95

WebExtensions Exploit: Persistent ServiceWorker Installation in Firefox < 95

CVE-2021-43540 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox < 95.

Learn more about our Web Application Penetration Testing UK.