CVE-2006-6585: Firefox vulnerability

4 documents, 4 sources
Severity: 6.4 MEDIUM (NVD)
EPSS: 0.5% (top 35.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 15; Latest update May 1

Description

The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. NOTE: it was later reported that 3.0 is also affected.

CVSS vector

AV:N/AC:L/C:N/I:P/A:P
Exploitability: 10.0 | Impact: 4.9

Affected Packages (3 packages)

NVD: mozilla/firefox 2.0, 3.0 (+1)
debian: debian/firefox < firefox 45.0-1 (sid)
debian: debian/firefox-esr < firefox 45.0-1 (sid)

Vulnerability Details (2)

GHSA: GHSA-626g-w2m9-f8hr: The Extensions manager in Mozilla Firefox 2 (2022-05-01)
OSV: CVE-2006-6585: The Extensions manager in Mozilla Firefox 2 (2006-12-15)

Vendor Advisories (1)

Debian: CVE-2006-6585: firefox - The Extensions manager in Mozilla Firefox 2.0 does not properly populate the lis... (2006)