[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
OVAL

Mozilla File Stealing by Changing Input Type

ID: oval:org.mitre.oval:def:1929Date: (C)2006-05-07   (M)2024-03-27
Class: VULNERABILITYFamily: windows




Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.

Platform:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2008 R2
Microsoft Windows 10
Product:
Mozilla
Reference:
CVE-2006-1729
CVE    1
CVE-2006-1729
CPE    15
cpe:/a:mozilla:seamonkey:::x86
cpe:/a:mozilla:firefox:::x86
cpe:/a:mozilla:firefox:1.5:beta2
cpe:/a:mozilla:firefox:1.5.0.1
...

© SecPod Technologies