CVE-2006-2784 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-2784
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-2784

Description: The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/26847 UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-323-1 http://www.ubuntulinux.org/support/documentation/usn/usn-296-2 http://www.ubuntulinux.org/support/documentation/usn/usn-297-3 http://www.ubuntulinux.org/support/documentation/usn/usn-296-1 SUSE http://www.novell.com/linux/security/advisories/2006_35_mozilla.html ST 1016202 SAID Secunia Advisory: SA22066 Secunia Advisory: SA21631 Secunia Advisory: SA21532 Secunia Advisory: SA21324 Secunia Advisory: SA21270 Secunia Advisory: SA21336 Secunia Advisory: SA21269 Secunia Advisory: SA21210 Secunia Advisory: SA21188 Secunia Advisory: SA21178 Secunia Advisory: SA21176 Secunia Advisory: SA20376 Secunia Advisory: SA20561 Secunia Advisory: SA21134 Secunia Advisory: SA21183 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0594.html http://www.redhat.com/support/errata/RHSA-2006-0611.html http://rhn.redhat.com/errata/RHSA-2006-0609.html http://www.redhat.com/support/errata/RHSA-2006-0610.html http://www.redhat.com/support/errata/RHSA-2006-0578.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 HP http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded GENTOO http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml DEBIAN http://www.debian.org/security/2006/dsa-1120 http://www.debian.org/security/2006/dsa-1134 http://www.debian.org/security/2006/dsa-1118 CONFIRM http://www.mozilla.org/security/announce/2006/mfsa2006-36.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/435795/100/0/threaded BID 18228

Return to the previous page.