New Search

The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site.

oval:org.mitre.oval:def:9768

The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 4
  • CentOS Linux 3
  • Red Hat Enterprise Linux 4
  • Red Hat Enterprise Linux 3
  • Oracle Linux 4
Class:
vulnerability
Reference(s):
  • CVE-2006-2784
Product(s):