PT-2006-3703 · Mozilla+2 · Firefox+2

Paul Nickerson · Published 2006-06-02 · Updated 2018-10-18 · CVE-2006-2784

CVSS v2.0: 5.1 Medium

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Mozilla Firefox versions prior to 1.5.0.4

Description

The issue allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. This would not cross privilege boundaries if the user installs malicious software from the attacker-controlled site.

Recommendations

For versions prior to 1.5.0.4, update to version 1.5.0.4 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the "Manual Install" button for plugin installation until a patch is applied. Restrict access to untrusted websites to minimize the risk of exploitation.


Weakness Enumeration

Related Identifiers

CVE-2006-2784
DSA-1118
DSA-1120
DSA-1134-1
HPSBUX02153
RHSA-2006:0578
RHSA-2006:0609
RHSA-2006:0610
RHSA-2006:0611
RHSA-2006_0609
RHSA-2006_0610
RHSA-2006_0611

Affected Products

HP-UX
Firefox
Red Hat