CVE-2006-6585
First published: Fri Dec 15 2006(Updated: )
The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. NOTE: it was later reported that 3.0 is also affected.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | =2.0 | |
| Firefox | =3.0 | |
| =2.0 | ||
| =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-6585?
CVE-2006-6585 is considered to be a medium-severity vulnerability due to its potential impact on local extensions in Mozilla Firefox.
How do I fix CVE-2006-6585?
To fix CVE-2006-6585, update to a later version of Mozilla Firefox that addresses this vulnerability.
What versions of Firefox are affected by CVE-2006-6585?
CVE-2006-6585 affects Mozilla Firefox versions 2.0 and 3.0.
What type of attack does CVE-2006-6585 allow?
CVE-2006-6585 allows attackers to create extensions that can hide themselves from the list of installed extensions.
Is there a workaround for CVE-2006-6585?
There are no specific workarounds for CVE-2006-6585 besides upgrading to a patched version of Firefox.
- agent/references
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/mozilla
- product/firefox
- canonical/mozilla firefox
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/source
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/tags
- canonical/firefox
- version/firefox/2.0
- version/firefox/3.0