CVE-2006-6585

描述

The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. NOTE: it was later reported that 3.0 is also affected.

如何修補 CVE-2006-6585

要修補 CVE-2006-6585,請將受影響套件升級到下列已修補版本。

• Debian/firefox-esr—升級至 45.0esr-1 或更新版本

CVE-2006-6585 正在被利用嗎?

低 — EPSS 為 0.5%,目前沒有觀察到大規模利用活動。

受影響套件(1)

• from 0, < 45.0esr-1

參考連結(1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-6585