FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

firefox -- PLUGINSPAGE privileged javascript execution

Affected packages
firefox < 1.0.3,1
linux-firefox < 1.0.3


VuXML ID ce6ac624-aec8-11d9-a788-0001020eed82
Discovery 2005-03-31
Entry 2005-04-16

A Mozilla Foundation Security Advisory reports:

When a webpage requires a plugin that is not installed the user can click to launch the Plugin Finder Service (PFS) to find an appropriate plugin. If the service does not have an appropriate plugin the EMBED tag is checked for a PLUGINSPAGE attribute, and if one is found the PFS dialog will contain a "manual install" button that will load the PLUGINSPAGE url.

Omar Khan reported that if the PLUGINSPAGE attribute contains a javascript: url then pressing the button could launch arbitrary code capable of stealing local data or installing malicious code.

Doron Rosenberg reported a variant that injects script by appending it to a malformed URL of any protocol.


CVE Name CVE-2005-0752