If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension. This vulnerability affects Firefox < 67.
Si se presionan las teclas ALT y "a" cuando los usuarios reciben una solicitud de instalación de extensión, la extensión se instalará sin la demora de instalación que mantiene la solicitud visible para que los usuarios acepten o rechacen la instalación. Una página web maliciosa podría usar esto con la suplantación de identidad en la página para engañar a los usuarios para que instalen una extensión maliciosa. Esta vulnerabilidad afecta a Firefox anterior a 67.
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user in to launching local executable binaries, obtain sensitive information, conduct cross-site scripting attacks, or execute arbitrary code. Various other issues were also addressed.
