Omar Khan

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 1.0.3 **Description** The issue allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag. This is related to the Plugin Finder Service (PFS) in Firefox. **Recommendations** For versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue. As a temporary workaround, consider disabling the execution of javascript: URLs in the PLUGINSPAGE attribute of an EMBED tag until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 1.0 **Description** The issue allows remote attackers to execute arbitrary code by storing a javascript: or data: URL as a Livefeed bookmark, which is then executed in the security context of the currently loaded page when the user accesses the bookmark. **Recommendations** For Firefox versions prior to 1.0, avoid storing javascript: or data: URLs as Livefeed bookmarks to minimize the risk of exploitation. As a temporary workaround, consider restricting access to Livefeed bookmarks until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 1.0 **Description** The issue arises from the improper distinction between user-generated and synthetic click events, allowing remote attackers to use Javascript and bypass the file download prompt when the user utilizes the Alt-click feature. **Recommendations** For versions prior to 1.0, update to version 1.0 or later to resolve the issue.