Your system may not meet the requirements for Firefox, but you can try one of these versions:

Your system doesn't meet the requirements to run Firefox.

Your system doesn't meet the requirements to run Firefox.

Please follow these instructions to install Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2006-36

PLUGINSPAGE privileged JavaScript execution II

Announced
June 1, 2006
Reporter
Paul Nickerson
Impact
Moderate
Products
Firefox
Fixed in
  • Firefox 1.5.0.4

Description

Paul Nickerson reports that the fix for MFSA 2005-34 can be bypassed using nested javascript: URLs, again allowing the attacker to execute privileged code. The attacker must first convince the user to first click on the missing-plugin icon in the page or the "Install Missing Plugins..." button in the infobar, and then click on the "Manual Install" button on the plugin-finder dialog.

Note that the "Manual Install" button is a mechanism for installing software from a site specified by the web page. Many potential victims who have come this far might be convinced to go ahead and install arbitrary software from the attacker's site even without this vulnerability.

Workaround

Do not press the "Manual Install" button on the Firefox plugin finder. Instead use a search engine to find an appropriate plugin for the content.

References