
CVE-2006-2894
Date: (C)2006-06-07   (M)2023-12-22


Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.0
Exploit Score: 4.9
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1018837
SREASON-1059
BID-18308
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html
http://lists.virus.org/full-disclosure-0702/msg00225.html
http://archives.neohapsis.com/archives/bugtraq/2007-02/0187.html
http://www.securityfocus.com/archive/1/482876/100/200/threaded
http://www.securityfocus.com/archive/1/482925/100/0/threaded
http://www.securityfocus.com/archive/1/482932/100/200/threaded
SUNALERT-201516
SECUNIA-20442
SECUNIA-20467
SECUNIA-20470
SECUNIA-20472
SECUNIA-21532
SECUNIA-27298
SECUNIA-27335
SECUNIA-27383
SECUNIA-27387
SECUNIA-27403
SECUNIA-27414
ADV-2006-2160
ADV-2006-2162
ADV-2006-2163
ADV-2006-2164
ADV-2007-3544
ADV-2008-0083
FEDORA-2007-2664
HPSBUX02153
MDKSA-2006:143
MDKSA-2006:145
MDKSA-2007:202
SUSE-SA:2007:057
USN-535-1
USN-536-1
http://lcamtuf.coredump.cx/focusbug/
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
http://www.gnucitizen.org/blog/browser-focus-rip
http://www.mozilla.org/security/announce/2007/mfsa2007-32.html
http://www.thanhngan.org/fflinuxversion.html
https://bugzilla.mozilla.org/show_bug.cgi?id=290478
https://bugzilla.mozilla.org/show_bug.cgi?id=370092
https://bugzilla.mozilla.org/show_bug.cgi?id=56236
https://issues.rpath.com/browse/RPL-1858

CPE    6
cpe:/a:netscape:navigator
cpe:/a:mozilla:seamonkey:1.0.2
cpe:/a:mozilla:firefox:1.5.0.4
cpe:/a:mozilla:seamonkey
...
CWE    1
CWE-20

© SecPod Technologies