Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2015-7223

Source

Mozilla Foundation Security Advisory 2015-148

Privilege escalation vulnerabilities in WebExtension APIs

Announced

December 15, 2015

Reporter

Kris Maglione

Impact

Critical

Products

Firefox

Fixed in

Firefox 43

Description

Mozilla developer Kris Maglione reported a mechanism where WebExtension APIs could be used to escalate privilege. This could allow arbitrary web content to execute code with the privileges of a particular WebExtension when using these API calls. Depending on the privileges of the extension used, this could result in personal information theft and cross-site scripting (XSS) attacks, including theft of browser cookies. This is mitigated by the requirement to have a WebExtension installed that is vulnerable to this issue.

References

Privilege escalation vulnerabilities in WebExtension APIs (CVE-2015-7223)

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Privilege escalation vulnerabilities in WebExtension APIs

Privilege escalation vulnerabilities in WebExtension APIs

Description

References

Vulmon Search

About

Products

Connect