You are currently viewing a snapshot of www.mozilla.org taken on April 21, 2008. Most of this content is highly out of date (some pages haven't been updated since the project began in 1998) and exists for historical purposes only. If there are any pages on this archive site that you think should be added back to www.mozilla.org, please file a bug.



You are here: Known Vulnerabilities in Mozilla Products (Firefox 1.0.3) > MFSA 2005-34

Mozilla Foundation Security Advisory 2005-34

Title: PLUGINSPAGE privileged javascript execution
Severity: High
Reporter: Omar Khan
Products: Firefox

Fixed in: Firefox 1.0.3

Description

When a webpage requires a plugin that is not installed the user can click to launch the Plugin Finder Service (PFS) to find an appropriate plugin. If the service does not have an appropriate plugin the EMBED tag is checked for a PLUGINSPAGE attribute, and if one is found the PFS dialog will contain a "manual install" button that will load the PLUGINSPAGE url.

Omar Khan reported that if the PLUGINSPAGE attribute contains a javascript: url then pressing the button could launch arbitrary code capable of stealing local data or installing malicious code.

Doron Rosenberg reported a variant that injects script by appending it to a malformed URL of any protocol.

The plugin finder in the Mozilla Suite is not affected by this issue.

Workaround

Do not press the "Manual Install" button on the Firefox plugin finder. Use a search engine to find an appropriate plugin for the content.

References