6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
firefox is vulnerable to privilege escalation. The vulnerability exists due to the way Firefox handles extensions updates allowing attacker can trick the victim to install a browser extension of a particular type and during auto-update bypass the prompt which grants the new version the new requested permissions. As a result an extension with limited permissions can be used to compromise the system.