CVE-2006-2784

The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site.

🔗 References (82)

• cve@mitrehttp://rhn.redhat.com/errata/RHSA-2006-0609.html
• cve@mitrehttp://secunia.com/advisories/20376
• cve@mitrehttp://secunia.com/advisories/20561
• cve@mitrehttp://secunia.com/advisories/21134
• cve@mitrehttp://secunia.com/advisories/21176
• cve@mitrehttp://secunia.com/advisories/21178
• cve@mitrehttp://secunia.com/advisories/21183
• cve@mitrehttp://secunia.com/advisories/21188
• cve@mitrehttp://secunia.com/advisories/21210
• cve@mitrehttp://secunia.com/advisories/21269
• cve@mitrehttp://secunia.com/advisories/21270
• cve@mitrehttp://secunia.com/advisories/21324
• cve@mitrehttp://secunia.com/advisories/21336
• cve@mitrehttp://secunia.com/advisories/21532
• cve@mitrehttp://secunia.com/advisories/21631