Vulnerability Description
The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 1.5.0.3 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2006-0609.html
- http://secunia.com/advisories/20376 (Vendor Advisory)
- http://secunia.com/advisories/20561 (Vendor Advisory)
- http://secunia.com/advisories/21134 (Vendor Advisory)
- http://secunia.com/advisories/21176 (Vendor Advisory)
- http://secunia.com/advisories/21178 (Vendor Advisory)
- http://secunia.com/advisories/21183 (Vendor Advisory)
- http://secunia.com/advisories/21188 (Vendor Advisory)
- http://secunia.com/advisories/21210 (Vendor Advisory)
- http://secunia.com/advisories/21269 (Vendor Advisory)
- http://secunia.com/advisories/21270 (Vendor Advisory)
- http://secunia.com/advisories/21324 (Vendor Advisory)
- http://secunia.com/advisories/21336 (Vendor Advisory)
- http://secunia.com/advisories/21532 (Vendor Advisory)
- http://secunia.com/advisories/21631 (Vendor Advisory)
FAQ
What is CVE-2006-2784?
CVE-2006-2784 is a vulnerability with a CVSS score of 5.1 (MEDIUM). The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "M...
How severe is CVE-2006-2784?
CVE-2006-2784 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-2784?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.