Mozilla Foundation Security Advisory 2006-36

PLUGINSPAGE privileged JavaScript execution II

June 1, 2006
Paul Nickerson
Fixed in
  • Firefox


Paul Nickerson reports that the fix for MFSA 2005-34 can be bypassed using nested javascript: URLs, again allowing the attacker to execute privileged code. The attacker must first convince the user to click on the missing-plugin icon in the page or the "Install Missing Plugins..." button in the infobar, and then to click on the "Manual Install" button on the plugin-finder dialog.

Note that the "Manual Install" button is a mechanism for installing software from a site specified by the web page. Many potential victims who have come this far might be convinced to go ahead and install arbitrary software from the attacker's site even without this vulnerability.


Do not press the "Manual Install" button on the Firefox plugin finder. Instead use a search engine to find an appropriate plugin for the content.
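
For developers who handle page-supplied URLs such as PLUGINSPAGE, the following added example (not taken from this advisory or from Firefox's code) contrasts a prefix blocklist with an allowlist on the parsed scheme, which also rejects wrapped or disguised `javascript:` forms. The blocklist is a hypothetical stand-in, since the advisory does not describe how the MFSA 2005-34 fix worked; all function names and sample URLs are constructed.

```javascript
// Added illustration: names and sample values below are constructed.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Hypothetical weak check: rejects only a literal "javascript:" prefix.
function naiveBlocklist(value) {
  return !value.startsWith("javascript:");
}

// Allowlist check: parse first, then accept only plain http(s) targets.
function isSafePluginsPage(value, pageUrl) {
  if (typeof value !== "string" || value.length > 2048) return false;
  let url;
  try {
    // The parser trims leading whitespace, lowercases the scheme and
    // resolves relative values against the embedding page.
    url = new URL(value, pageUrl);
  } catch {
    return false; // unparsable input is rejected, never passed through
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return false;
  if (url.username !== "" || url.password !== "") return false;
  return true;
}

// Run both checks over a list of candidate values for comparison.
function audit(samples, pageUrl) {
  return samples.map((value) => ({
    value,
    naive: naiveBlocklist(value),
    allowlist: isSafePluginsPage(value, pageUrl),
  }));
}

const PAGE = "https://content.example/video.html"; // constructed
const SAMPLES = [ // constructed
  "https://plugins.example/get",
  "/plugins/get",
  "javascript:void(0)",
  " JavaScript:void(0)",
  "view-source:javascript:void(0)",
  "data:text/html,placeholder",
];

console.log(audit(SAMPLES, PAGE));
```

Only the first two samples pass the allowlist; the blocklist accepts every sample except the literal `javascript:void(0)`.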