CVE-2016-9075 (retired)

Priority
Description
An issue where WebExtensions can use the mozAddonManager API to elevate
privilege due to privileged pages being allowed in the permissions list.
This allows a malicious extension to then install additional extensions
without explicit user permission. This vulnerability affects Firefox < 50.
Assigned-to
chrisccoulson
Package
Upstream:released (50.0)
Ubuntu 14.04 LTS (Trusty Tahr):released (50.0+build2-0ubuntu0.14.04.2)
Ubuntu 16.04 LTS (Xenial Xerus):released (50.0+build2-0ubuntu0.16.04.2)
Package
Upstream:not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
More Information

Updated: 2019-03-26 12:23:23 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)