The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the Manual Install button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | * | 1.5.0.3 (including) |
| Red Hat Enterprise Linux 3 | RedHat | seamonkey-0:1.0.2-0.1.0.EL3 | * |
| Red Hat Enterprise Linux 4 | RedHat | devhelp-0:0.10-0.2.el4 | * |
| Red Hat Enterprise Linux 4 | RedHat | seamonkey-0:1.0.3-0.el4.1 | * |
| Red Hat Enterprise Linux 4 | RedHat | firefox-0:1.5.0.5-0.el4.1 | * |
| Red Hat Enterprise Linux 4 | RedHat | thunderbird-0:1.5.0.5-0.el4.1 | * |
| Red Hat Enterprise Linux AS (Advanced Server) version 2.1 | RedHat | * | |
| Red Hat Enterprise Linux ES version 2.1 | RedHat | * | |
| Red Hat Enterprise Linux WS version 2.1 | RedHat | * | |
| Red Hat Linux Advanced Workstation 2.1 | RedHat | * | |
| Firefox | Ubuntu | dapper | * |
| Firefox-granparadiso | Ubuntu | devel | * |
| Lightning-sunbird | Ubuntu | devel | * |
| Midbrowser | Ubuntu | devel | * |
| Xulrunner | Ubuntu | devel | * |
| Xulrunner | Ubuntu | edgy | * |
| Xulrunner | Ubuntu | feisty | * |