Doron Rosenberg

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 1.0.3 **Description** The issue allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag. This is related to the Plugin Finder Service (PFS) in Firefox. **Recommendations** For versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue. As a temporary workaround, consider disabling the execution of javascript: URLs in the PLUGINSPAGE attribute of an EMBED tag until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 1.0.3 Mozilla Suite versions prior to 1.7.7 **Description** The issue allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option, after blocking a popup. **Recommendations** For Firefox versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue. For Mozilla Suite versions prior to 1.7.7, update to version 1.7.7 or later to resolve the issue.