Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.0
CVE Id: CVE-2006-2894
Last Modified: 03 Jul 2013 11:07:59
Published: 07 Jun 2006 06:02:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2006-2894

Summary

Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp JavaScript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.

Vulnerable Systems

Application

  • Mozilla Firefox 1.5.0.4

  • Mozilla Firefox 2.0.0.8

  • Mozilla SeaMonkey 1.0.2

  • Mozilla SeaMonkey 1.1.4

  • Mozilla Suite 1.7.13

  • Netscape Navigator 8.1


References

FEDORA - FEDORA-2007-2664

CONFIRM - https://issues.rpath.com/browse/RPL-1858

MISC - https://bugzilla.mozilla.org/show_bug.cgi?id=56236

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=370092

MISC - https://bugzilla.mozilla.org/show_bug.cgi?id=290478

VUPEN - ADV-2008-0083

VUPEN - ADV-2007-3544

VUPEN - ADV-2006-2164

VUPEN - ADV-2006-2163

VUPEN - ADV-2006-2162

VUPEN - ADV-2006-2160

UBUNTU - USN-535-1

UBUNTU - USN-536-1

MISC - http://www.thanhngan.org/fflinuxversion.html

BID - 18308

BUGTRAQ - 20071029 rPSA-2007-0225-2 firefox thunderbird

BUGTRAQ - 20071029 FLEA-2007-0062-1 firefox

BUGTRAQ - 20071026 rPSA-2007-0225-1 firefox

SUSE - SUSE-SA:2007:057

CONFIRM - http://www.mozilla.org/security/announce/2007/mfsa2007-32.html

MANDRIVA - MDKSA-2006:145

MANDRIVA - MDKSA-2006:143

MANDRIVA - MDKSA-2007:202

MISC - http://www.gnucitizen.org/blog/browser-focus-rip

CONFIRM - http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html

SUNALERT - 201516

SECTRACK - 1018837

SREASON - 1059

SECUNIA - 27414

SECUNIA - 27403

SECUNIA - 27387

SECUNIA - 27383

SECUNIA - 27335

SECUNIA - 27298

SECUNIA - 21532

SECUNIA - 20472

SECUNIA - 20470

SECUNIA - 20467

SECUNIA - 20442

FULLDISC - 20070211 Firefox focus stealing vulnerability (possibly other browsers)

FULLDISC - 20060605 file upload widgets in IE and Firefox have issues

MISC - http://lcamtuf.coredump.cx/focusbug/

HP - HPSBUX02153

BUGTRAQ - 20070212 Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)

HP - SSRT061181


Last Updated: 27 May 2016 10:42:35