Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2006-2784

Published: 2 June 2006

The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site.

Priority

Unknown

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
dapper
Released (1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1)
edgy Not vulnerable

feisty Not vulnerable

upstream Needs triage

firefox-granparadiso
Launchpad, Ubuntu, Debian
dapper Does not exist

edgy Does not exist

feisty Does not exist

upstream Needs triage

lightning-sunbird
Launchpad, Ubuntu, Debian
dapper Does not exist

edgy Does not exist

feisty Does not exist

upstream Needs triage

midbrowser
Launchpad, Ubuntu, Debian
dapper Does not exist

edgy Does not exist

feisty Does not exist

upstream Needs triage

mozilla-thunderbird
Launchpad, Ubuntu, Debian
dapper Not vulnerable

edgy Not vulnerable

feisty Not vulnerable

upstream Needs triage

xulrunner
Launchpad, Ubuntu, Debian
dapper Does not exist

edgy
Released (1.8.0.5-4.2)
feisty
Released (1.8.0.5-4.2)
upstream Needs triage