Unrated severityNVD Advisory· Published Jun 2, 2006· Updated Jun 16, 2026
CVE-2006-2784
CVE-2006-2784
Description
The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=1.5.0.3
- (no CPE)range: <1.5.0.4
Patches
Vulnerability mechanics
References
41- secunia.com/advisories/20376nvdVendor Advisory
- secunia.com/advisories/20561nvdVendor Advisory
- secunia.com/advisories/21134nvdVendor Advisory
- secunia.com/advisories/21176nvdVendor Advisory
- secunia.com/advisories/21178nvdVendor Advisory
- secunia.com/advisories/21183nvdVendor Advisory
- secunia.com/advisories/21188nvdVendor Advisory
- secunia.com/advisories/21210nvdVendor Advisory
- secunia.com/advisories/21269nvdVendor Advisory
- secunia.com/advisories/21270nvdVendor Advisory
- secunia.com/advisories/21324nvdVendor Advisory
- secunia.com/advisories/21336nvdVendor Advisory
- secunia.com/advisories/21532nvdVendor Advisory
- secunia.com/advisories/21631nvdVendor Advisory
- secunia.com/advisories/22066nvdVendor Advisory
- www.mozilla.org/security/announce/2006/mfsa2006-36.htmlnvdVendor Advisory
- www.vupen.com/english/advisories/2006/2106nvdVendor Advisory
- www.vupen.com/english/advisories/2006/3748nvdVendor Advisory
- www.vupen.com/english/advisories/2008/0083nvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2006-0609.htmlnvd
- securitytracker.com/idnvd
- www.debian.org/security/2006/dsa-1118nvd
- www.debian.org/security/2006/dsa-1120nvd
- www.debian.org/security/2006/dsa-1134nvd
- www.gentoo.org/security/en/glsa/glsa-200606-12.xmlnvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.novell.com/linux/security/advisories/2006_35_mozilla.htmlnvd
- www.redhat.com/support/errata/RHSA-2006-0578.htmlnvd
- www.redhat.com/support/errata/RHSA-2006-0594.htmlnvd
- www.redhat.com/support/errata/RHSA-2006-0610.htmlnvd
- www.redhat.com/support/errata/RHSA-2006-0611.htmlnvd
- www.securityfocus.com/archive/1/435795/100/0/threadednvd
- www.securityfocus.com/archive/1/446658/100/200/threadednvd
- www.securityfocus.com/bid/18228nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/26847nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9768nvd
- usn.ubuntu.com/296-1/nvd
- usn.ubuntu.com/296-2/nvd
- usn.ubuntu.com/297-3/nvd
- usn.ubuntu.com/323-1/nvd
News mentions
0No linked articles in our index yet.