firefox is vulnerable to privilege escalation. The vulnerability exists due to the way Firefox handles extensions updates allowing attacker can trick the victim to install a browser extension of a particular type and during auto-update bypass the prompt which grants the new version the new requested permissions. As a result an extension with limited permissions can be used to compromise the system.