Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2006-1729 | First vendor Publication | 2006-04-14 |
Vendor | Cve | Last vendor Modification | 2018-10-18 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1729 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1929 | |||
Oval ID: | oval:org.mitre.oval:def:1929 | ||
Title: | Mozilla File Stealing by Changing Input Type | ||
Description: | Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-1729 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Mozilla suite File : nvt/sles9p5019559.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200604-12 (mozilla-firefox) File : nvt/glsa_200604_12.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200604-18 (mozilla) File : nvt/glsa_200604_18.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox22.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1044-1 (mozilla-firefox) File : nvt/deb_1044_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1046-1 (mozilla) File : nvt/deb_1046_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1051-1 (mozilla-thunderbird) File : nvt/deb_1051_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1118-1 (mozilla) File : nvt/deb_1118_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1120-1 (mozilla-firefox) File : nvt/deb_1120_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1134-1 (mozilla-thunderbird) File : nvt/deb_1134_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
24678 | Mozilla Multiple Products Text Box Arbitrary File Access |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-12-21 | Name : A web browser on the remote host is prone to multiple flaws. File : mozilla_firefox_108.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-323-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-296-2.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-296-1.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-1585.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing Sun Security Patch number 120671-08 File : solaris8_120671.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing Sun Security Patch number 120671-08 File : solaris9_120671.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-487.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-488.nasl - Type : ACT_GATHER_INFO |
2006-12-06 | Name : The remote host is missing Sun Security Patch number 120672-08 File : solaris8_x86_120672.nasl - Type : ACT_GATHER_INFO |
2006-12-06 | Name : The remote host is missing Sun Security Patch number 120672-08 File : solaris9_x86_120672.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119115-36 File : solaris10_119115.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119116-35 File : solaris10_x86_119116.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1134.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1120.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1118.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1051.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1046.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1044.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0328.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0329.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_84630f4acd8c11dab7b9000c6ec775d9.nasl - Type : ACT_GATHER_INFO |
2006-05-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200604-18.nasl - Type : ACT_GATHER_INFO |
2006-04-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-275-1.nasl - Type : ACT_GATHER_INFO |
2006-04-26 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-075.nasl - Type : ACT_GATHER_INFO |
2006-04-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200604-12.nasl - Type : ACT_GATHER_INFO |
2006-04-26 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_021.nasl - Type : ACT_GATHER_INFO |
2006-04-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0329.nasl - Type : ACT_GATHER_INFO |
2006-04-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-271-1.nasl - Type : ACT_GATHER_INFO |
2006-04-21 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-411.nasl - Type : ACT_GATHER_INFO |
2006-04-21 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-410.nasl - Type : ACT_GATHER_INFO |
2006-04-17 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0328.nasl - Type : ACT_GATHER_INFO |
2006-04-14 | Name : A web browser on the remote host is prone to multiple flaws. File : seamonkey_101.nasl - Type : ACT_GATHER_INFO |
2006-04-14 | Name : A web browser on the remote host is prone to multiple flaws. File : mozilla_firefox_1502.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-02-10 01:03:51 |
|
2024-02-02 01:04:03 |
|
2024-02-01 12:01:54 |
|
2023-09-05 12:03:47 |
|
2023-09-05 01:01:45 |
|
2023-09-02 12:03:51 |
|
2023-09-02 01:01:45 |
|
2023-08-12 12:04:33 |
|
2023-08-12 01:01:46 |
|
2023-08-11 12:03:55 |
|
2023-08-11 01:01:48 |
|
2023-08-06 12:03:41 |
|
2023-08-06 01:01:46 |
|
2023-08-04 12:03:46 |
|
2023-08-04 01:01:48 |
|
2023-07-14 12:03:45 |
|
2023-07-14 01:01:47 |
|
2023-03-29 01:04:01 |
|
2023-03-28 12:01:52 |
|
2022-10-11 12:03:20 |
|
2022-10-11 01:01:38 |
|
2021-05-05 01:02:21 |
|
2021-05-04 12:03:54 |
|
2021-04-22 01:04:27 |
|
2020-10-14 01:01:52 |
|
2020-10-03 01:01:52 |
|
2020-05-29 01:01:46 |
|
2020-05-23 01:37:29 |
|
2020-05-23 00:17:38 |
|
2019-03-18 12:01:17 |
|
2018-11-30 12:01:42 |
|
2018-10-18 21:20:04 |
|
2018-10-05 05:18:09 |
|
2018-10-04 00:19:27 |
|
2018-07-13 01:02:02 |
|
2017-11-21 12:01:30 |
|
2017-10-11 09:23:39 |
|
2017-07-20 09:23:29 |
|
2016-04-26 14:29:47 |
|
2014-02-17 10:35:23 |
|
2013-05-11 10:53:54 |
|