cbcvebase.
CVE-2006-2784
published 2006-06-02

CVE-2006-2784: The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into…

PriorityP421medium5.1CVSS 2.0
AVNACHAuNCPIPAP
EPSS
1.79%
75.7th percentile
The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site.

Affected

2 ranges
VendorProductVersion rangeFixed in
debianfirefox< firefox 1.5.dfsg+1.5.0.4-1 (sid)firefox 1.5.dfsg+1.5.0.4-1 (sid)
mozillafirefox<= 1.5.0.3

CVSS provenance

nvdv2.05.1MEDIUMAV:N/AC:H/Au:N/C:P/I:P/A:P
vendor_ubuntu7.5HIGH
vendor_debian5.1MEDIUM
vendor_redhat5.1MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.