CVE-2016-9075

Source
Severity High
Remote Yes
Type Privilege escalation
Description
An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission.
Group Package Affected Fixed Severity Status Ticket
AVG-72 firefox 49.0.2-1 50.0-1 Critical Fixed
Date Advisory Group Package Severity Description
16 Nov 2016 ASA-201611-16 AVG-72 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9075