CVE-2016-9075 – An issue where WebExtensions can use the mozAddonManager API to elevate p

An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 50.   Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9075 Reference (s):

• BID:94337
• URL: http://www.securityfocus.com/bid/94337
• https://bugzilla.mozilla.org/show_bug.cgi?id=1295324
• https://www.mozilla.org/security/advisories/mfsa2016-89/
• SECTRACK:1037298