CVE-2006-2784
CVE-2006-2784
The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://rhn.redhat.com/errata/RHSA-2006-0609.htmlhttp://secunia.com/advisories/20376http://secunia.com/advisories/20561http://secunia.com/advisories/21134http://secunia.com/advisories/21176http://secunia.com/advisories/21178http://secunia.com/advisories/21183http://secunia.com/advisories/21188http://secunia.com/advisories/21210http://secunia.com/advisories/21269http://secunia.com/advisories/21270http://secunia.com/advisories/21324