| Vulnerability Name: | CVE-2006-2784 (CCN-26847) | ||||||||||||||||||||||||||||||||||||||||
| Assigned: | 2006-06-01 | ||||||||||||||||||||||||||||||||||||||||
| Published: | 2006-06-01 | ||||||||||||||||||||||||||||||||||||||||
| Updated: | 2018-10-18 | ||||||||||||||||||||||||||||||||||||||||
| Summary: | The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. Note: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site. | ||||||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-264 | ||||||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2006-2784 Source: CCN Type: RHSA-2006-0578 seamonkey security update (was mozilla) Source: CCN Type: RHSA-2006-0594 seamonkey security update (was mozilla) Source: CCN Type: RHSA-2006-0609 seamonkey security update Source: REDHAT Type: UNKNOWN RHSA-2006:0609 Source: CCN Type: RHSA-2006-0610 firefox security update Source: CCN Type: RHSA-2006-0611 thunderbird security update Source: CCN Type: SA20376 Firefox Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 20376 Source: SECUNIA Type: Vendor Advisory 20561 Source: SECUNIA Type: Vendor Advisory 21134 Source: SECUNIA Type: Vendor Advisory 21176 Source: SECUNIA Type: Vendor Advisory 21178 Source: SECUNIA Type: Vendor Advisory 21183 Source: SECUNIA Type: Vendor Advisory 21188 Source: SECUNIA Type: Vendor Advisory 21210 Source: SECUNIA Type: Vendor Advisory 21269 Source: SECUNIA Type: Vendor Advisory 21270 Source: SECUNIA Type: Vendor Advisory 21324 Source: SECUNIA Type: Vendor Advisory 21336 Source: SECUNIA Type: Vendor Advisory 21532 Source: SECUNIA Type: Vendor Advisory 21631 Source: SECUNIA Type: Vendor Advisory 22066 Source: CCN Type: SECTRACK ID: 1016202 Mozilla Firefox Bugs Permit Arbitrary Code Execution, Cross-Site Scripting, and HTTP Response Smuggling Source: SECTRACK Type: UNKNOWN 1016202 Source: CCN Type: ASA-2006-146 seamonkey security update (was mozilla) (RHSA-2006-0578) Source: CCN Type: ASA-2006-151 firefox seamonkey and thunderbird security update (RHSA-2006-0609 RHSA-2006-0610 and RHSA-2006-0611) Source: CCN Type: ASA-2006-208 seamonkey security update (was mozilla) (RHSA-2006-0594) Source: CCN Type: ASA-2006-259 HP-UX Firefox Vulnerabilities Source: CCN Type: ASA-2007-097 HP-UX Running Firefox Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) (HPSBUX02153) Source: DEBIAN Type: UNKNOWN DSA-1118 Source: DEBIAN Type: UNKNOWN DSA-1120 Source: DEBIAN Type: UNKNOWN DSA-1134 Source: DEBIAN Type: DSA-1118 mozilla -- several vulnerabilities Source: DEBIAN Type: DSA-1120 mozilla-firefox -- several vulnerabilities Source: DEBIAN Type: DSA-1134 mozilla-thunderbird -- several vulnerabilities Source: CCN Type: GLSA-200606-12 Mozilla Firefox: Multiple vulnerabilities Source: GENTOO Type: UNKNOWN GLSA-200606-12 Source: MANDRIVA Type: UNKNOWN MDKSA-2006:143 Source: MANDRIVA Type: UNKNOWN MDKSA-2006:145 Source: CCN Type: MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution II Source: CONFIRM Type: Vendor Advisory http://www.mozilla.org/security/announce/2006/mfsa2006-36.html Source: SUSE Type: UNKNOWN SUSE-SA:2006:035 Source: REDHAT Type: UNKNOWN RHSA-2006:0578 Source: REDHAT Type: UNKNOWN RHSA-2006:0594 Source: REDHAT Type: UNKNOWN RHSA-2006:0610 Source: REDHAT Type: UNKNOWN RHSA-2006:0611 Source: BUGTRAQ Type: UNKNOWN 20060602 rPSA-2006-0091-1 firefox thunderbird Source: HP Type: UNKNOWN SSRT061181 Source: BID Type: UNKNOWN 18228 Source: CCN Type: BID-18228 Mozilla Firefox, SeaMonkey, Camino, and Thunderbird Multiple Remote Vulnerabilities Source: CCN Type: USN-296-1 Firefox vulnerabilities Source: CCN Type: USN-296-2 Firefox vulnerabilities Source: CCN Type: USN-297-3 Thunderbird vulnerabilities Source: CCN Type: USN-323-1 Mozilla vulnerabilities Source: VUPEN Type: Vendor Advisory ADV-2006-2106 Source: VUPEN Type: Vendor Advisory ADV-2006-3748 Source: VUPEN Type: Vendor Advisory ADV-2008-0083 Source: CCN Type: ISS X-Force Database Mozilla Firefox PLUGINSPAGE attribute command execution Source: XF Type: UNKNOWN mozilla-pluginspage-code-execution(26847) Source: XF Type: UNKNOWN mozilla-pluginspage-code-execution(26847) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9768 Source: UBUNTU Type: UNKNOWN USN-296-1 Source: UBUNTU Type: UNKNOWN USN-296-2 Source: UBUNTU Type: UNKNOWN USN-297-3 Source: UBUNTU Type: UNKNOWN USN-323-1 Source: SUSE Type: SUSE-SA:2006:035 Mozilla browser security problems | ||||||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||||||