> What makes this so special? What qualifies this as an attack?
Well, I suppose nothing actually.
Only that a "clean" extension could potentially piggy-back, for nefarious reasons, onto a different (truly clean) extension.
But really what it points out is the failing in using global variables (as a particular point) rather than variables local to a particular procedure.
There was a GREAT article in that respect, I think from Oracle Magazine, May/June 2015, Tom Kyte... yeah, that was it... (now let me see if I can find it online)...
That was easy,
On More-Secure Applications.
(What takes 5 pages in paper form is only "one" page electronically. And yes, what he says deals with a specific product, but the concepts apply [should apply] everywhere.)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus