CVE-2017-5393

Severity Medium
Remote Yes
Type Access restriction bypass
Description
The mozAddonManager in Firefox < 51 allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites.

| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-157 | firefox | 50.1.0-1 | 51.0.1-1 | Critical | Fixed | |

| Date | Advisory | Group | Package | Severity | Description |
|---|---|---|---|---|---|
| 29 Jan 2017 | ASA-201701-39 | AVG-157 | firefox | Critical | multiple issues |

References
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5393
https://bugzilla.mozilla.org/show_bug.cgi?id=1309282