Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 2.6
CVE Id: CVE-2006-1736
Last Modified: 07 Mar 2011 09:33:46
Published: 14 Apr 2006 06:02:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2006-1736

Summary

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename.

Vulnerable Systems

Application

  • Mozilla Firefox 1.0

  • Mozilla Firefox 1.0.1

  • Mozilla Firefox 1.0.2

  • Mozilla Firefox 1.0.3

  • Mozilla Firefox 1.0.4

  • Mozilla Firefox 1.0.5

  • Mozilla Firefox 1.0.6

  • Mozilla Firefox 1.0.7

  • Mozilla Firefox 1.5

  • Mozilla Seamonkey 1.0

  • Mozilla Suite 1.7.10

  • Mozilla Suite 1.7.11

  • Mozilla Suite 1.7.12

  • Mozilla Suite 1.7.6

  • Mozilla Suite 1.7.7

  • Mozilla Suite 1.7.8

  • Mozilla Thunderbird 1.0

  • Mozilla Thunderbird 1.0.1

  • Mozilla Thunderbird 1.0.2

  • Mozilla Thunderbird 1.0.3

  • Mozilla Thunderbird 1.0.4

  • Mozilla Thunderbird 1.0.5

  • Mozilla Thunderbird 1.0.6

  • Mozilla Thunderbird 1.0.7

  • Mozilla Thunderbird 1.5


References

MISC - https://bugzilla.mozilla.org/show_bug.cgi?id=293527

VUPEN - ADV-2006-1356

HP - SSRT061158

CONFIRM - http://www.mozilla.org/security/announce/2006/mfsa2006-13.html

SUNALERT - 228526

XF - mozilla-saveimageas-ext-spoofing(25814)

UBUNTU - USN-275-1

UBUNTU - USN-271-1

BID - 17516

HP - HPSBUX02122

MANDRIVA - MDKSA-2006:076

MANDRIVA - MDKSA-2006:075

GENTOO - GLSA-200604-18

GENTOO - GLSA-200604-12

DEBIAN - DSA-1051

DEBIAN - DSA-1046

DEBIAN - DSA-1044

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm

SUNALERT - 102550

SECUNIA - 21622

SECUNIA - 21033

SECUNIA - 19941

SECUNIA - 19902

SECUNIA - 19863

SECUNIA - 19862

SECUNIA - 19852

SECUNIA - 19794

SECUNIA - 19759

SECUNIA - 19746

SECUNIA - 19721

SECUNIA - 19631

SUSE - SUSE-SA:2006:021

SCO - SCOSA-2006.26


Last Updated: 27 May 2016 10:42:10