firefox is vulnerable to improper access control. The vulnerability exists when downloading an update for an addon because the downloaded addon update’s version was not verified to match the version selected from the manifest which allows an attacker to trick the browser into downgrading the addon to a prior version.