CVE-2005-0752 | Vulnerability Database | Aqua Security

The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	0.8 (including)	0.8 (including)
Firefox	Mozilla	0.9 (including)	0.9 (including)
Firefox	Mozilla	0.9-rc (including)	0.9-rc (including)
Firefox	Mozilla	0.9.1 (including)	0.9.1 (including)
Firefox	Mozilla	0.9.2 (including)	0.9.2 (including)
Firefox	Mozilla	0.9.3 (including)	0.9.3 (including)
Firefox	Mozilla	0.10 (including)	0.10 (including)
Firefox	Mozilla	0.10.1 (including)	0.10.1 (including)
Firefox	Mozilla	1.0 (including)	1.0 (including)
Firefox	Mozilla	1.0.1 (including)	1.0.1 (including)
Firefox	Mozilla	1.0.2 (including)	1.0.2 (including)

References

http://secunia.com/advisories/14938
http://www.mozilla.org/security/announce/mfsa2005-34.html
http://www.redhat.com/support/errata/RHSA-2005-383.html
http://www.securityfocus.com/bid/13228
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100024
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10279

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-0752
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html