CVE-2006-1729: Input Validation
First published: Fri Apr 14 2006(Updated: )
Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Mozilla Suite | <1.7.13 | |
| Mozilla SeaMonkey | <1.0.1 | |
| Mozilla Firefox | >=1.5<1.5.0.2 | |
| Mozilla Firefox | >=1.0<1.0.8 | |
| Canonical Ubuntu Linux | =4.10 | |
| Canonical Ubuntu Linux | =5.04 | |
| Canonical Ubuntu Linux | =5.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/2006/mfsa2006-23.html
- http://www.redhat.com/support/errata/RHSA-2006-0328.html
- http://www.securityfocus.com/bid/17516
- http://secunia.com/advisories/19631
- http://secunia.com/advisories/19649
- http://www.debian.org/security/2006/dsa-1044
- http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
- http://secunia.com/advisories/19759
- http://secunia.com/advisories/19794
- http://www.debian.org/security/2006/dsa-1046
- http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
- http://secunia.com/advisories/19811
- http://secunia.com/advisories/19852
- http://secunia.com/advisories/19862
- http://secunia.com/advisories/19863
- http://secunia.com/advisories/19902
- http://www.debian.org/security/2006/dsa-1051
- http://secunia.com/advisories/19941
- http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
- http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
- http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
- http://secunia.com/advisories/19714
- http://secunia.com/advisories/19721
- http://secunia.com/advisories/19746
- http://www.redhat.com/support/errata/RHSA-2006-0329.html
- http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
- http://secunia.com/advisories/21033
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
- http://secunia.com/advisories/21622
- http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
- http://secunia.com/advisories/19696
- http://secunia.com/advisories/19729
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
- http://secunia.com/advisories/22066
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
- http://www.vupen.com/english/advisories/2006/1356
- http://www.vupen.com/english/advisories/2006/3748
- http://www.vupen.com/english/advisories/2006/3391
- http://www.vupen.com/english/advisories/2008/0083
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25823
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1929
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10922
- https://usn.ubuntu.com/275-1/
- https://usn.ubuntu.com/271-1/
- http://www.securityfocus.com/archive/1/446658/100/200/threaded
- http://www.securityfocus.com/archive/1/436338/100/0/threaded
- http://www.securityfocus.com/archive/1/436296/100/0/threaded
- agent/references
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/mozilla
- canonical/mozilla mozilla suite
- canonical/mozilla seamonkey
- canonical/mozilla firefox
- version/mozilla firefox/1.5
- version/mozilla firefox/1.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/4.10
- version/canonical ubuntu linux/5.04
- version/canonical ubuntu linux/5.10