CVE-2006-6585
Published 2006-12-15
Priority P4·20·medium·6.4 CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
EPSS: 0.99% (58.3th percentile)
The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. NOTE: it was later reported that 3.0 is also affected.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 45.0-1 (sid) | firefox 45.0-1 (sid) |
| debian | firefox-esr | < firefox 45.0-1 (sid) | firefox 45.0-1 (sid) |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
CVSS provenance
nvd·v2.0·6.4 MEDIUM·AV:N/AC:L/Au:N/C:N/I:P/A:P
osv·6.4 MEDIUM
vendor_debian·6.4 MEDIUM
GHSA
GHSA-626g-w2m9-f8hr: The Extensions manager in Mozilla Firefox 2
ghsa_unreviewed·2022-05-01
CVE-2006-6585 [MEDIUM] GHSA-626g-w2m9-f8hr: The Extensions manager in Mozilla Firefox 2
OSV
CVE-2006-6585: The Extensions manager in Mozilla Firefox 2
osv·2006-12-15·CVSS 6.4
CVE-2006-6585 [MEDIUM] CVE-2006-6585: The Extensions manager in Mozilla Firefox 2
Debian
CVE-2006-6585: firefox - The Extensions manager in Mozilla Firefox 2.0 does not properly populate the lis...
vendor_debian·2006·CVSS 6.4
CVE-2006-6585 [MEDIUM] CVE-2006-6585: firefox - The Extensions manager in Mozilla Firefox 2.0 does not properly populate the lis...
Scope: local
sid: resolved (fixed in 45.0-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://azurit.elbiahosting.sk/ffsniff/ffsniff-0.2.tar.gz
http://securityreason.com/securityalert/2046
http://www.securityfocus.com/archive/1/454058/100/0/threaded
http://www.securityfocus.com/archive/1/493585/100/0/threaded