WebExtensions Exploit: Persistent ServiceWorker Installation in Firefox < 95
CVE-2021-43540 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox < 95.
Learn more about our Web Application Penetration Testing UK.