CVE - CVE-2006-6585

CVE-ID
CVE-2006-6585	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. NOTE: it was later reported that 3.0 is also affected.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20061210 Firefox 2.0 security bug: Extensions can hide themself URL:http://www.securityfocus.com/archive/1/454058/100/0/threaded BUGTRAQ:20080623 Firefox 3.0 security bug: Extensions can STILL hide themselves URL:http://www.securityfocus.com/archive/1/493585/100/0/threaded MISC:http://azurit.elbiahosting.sk/ffsniff/ffsniff-0.2.tar.gz SREASON:2046 URL:http://securityreason.com/securityalert/2046
Assigning CNA
MITRE Corporation
Date Record Created
20061215	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20061215)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)