[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248364

 
 

909

 
 

195388

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-1729Date: (C)2006-04-14   (M)2024-03-27


Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SUNALERT-102550
BID-17516
SECUNIA-19631
SECUNIA-19649
SECUNIA-19696
SECUNIA-19714
SECUNIA-19721
SECUNIA-19729
SECUNIA-19746
SECUNIA-19759
SECUNIA-19794
SECUNIA-19811
SECUNIA-19852
SECUNIA-19862
SECUNIA-19863
SECUNIA-19902
SECUNIA-19941
20060404-01-U
SECUNIA-21033
SECUNIA-21622
SECUNIA-22066
SUNALERT-228526
ADV-2006-1356
ADV-2006-3391
ADV-2006-3748
ADV-2008-0083
DSA-1044
DSA-1046
DSA-1051
FEDORA-2006-410
FEDORA-2006-411
FLSA:189137-1
FLSA:189137-2
GLSA-200604-12
GLSA-200604-18
MDKSA-2006:075
MDKSA-2006:076
RHSA-2006:0328
RHSA-2006:0329
SCOSA-2006.26
SSRT061181
SUSE-SA:2006:021
SUSE-SA:2006:035
USN-271-1
USN-275-1
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
http://www.mozilla.org/security/announce/2006/mfsa2006-23.html
mozilla-textbox-file-access(25823)
oval:org.mitre.oval:def:10922
oval:org.mitre.oval:def:1929

CPE    6
cpe:/o:canonical:ubuntu_linux:5.10
cpe:/o:canonical:ubuntu_linux:4.10
cpe:/o:canonical:ubuntu_linux:5.04
cpe:/a:mozilla:seamonkey
...
CWE    1
CWE-20
OVAL    1
oval:org.mitre.oval:def:1929

© SecPod Technologies