CVE-2017-5389 (retired)

Priority
Description
WebExtensions could use the "mozAddonManager" API by modifying the CSP
headers on sites with the appropriate permissions and then using host
requests to redirect script loads to a malicious site. This allows a
malicious extension to then install additional extensions without explicit
user permission. This vulnerability affects Firefox < 51.
Assigned-to
chrisccoulson
Package
Upstream:released (51)
Ubuntu 14.04 LTS (Trusty Tahr):released (51.0.1+build2-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (51.0.1+build2-0ubuntu0.16.04.1)
Package
Priority: Low
Upstream:not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
More Information

Updated: 2019-03-26 12:25:59 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)