CVE-2006-1729: Input Validation
First published: Fri Apr 14 2006(Updated: )
Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Suite | <1.7.13 | |
| Mozilla SeaMonkey | <1.0.1 | |
| Firefox | >=1.5<1.5.0.2 | |
| Firefox | >=1.0<1.0.8 | |
| Ubuntu | =4.10 | |
| Ubuntu | =5.04 | |
| Ubuntu | =5.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/2006/mfsa2006-23.html
- http://www.redhat.com/support/errata/RHSA-2006-0328.html
- http://www.securityfocus.com/bid/17516
- http://secunia.com/advisories/19631
- http://secunia.com/advisories/19649
- http://www.debian.org/security/2006/dsa-1044
- http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
- http://secunia.com/advisories/19759
- http://secunia.com/advisories/19794
- http://www.debian.org/security/2006/dsa-1046
- http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
- http://secunia.com/advisories/19811
- http://secunia.com/advisories/19852
- http://secunia.com/advisories/19862
- http://secunia.com/advisories/19863
- http://secunia.com/advisories/19902
- http://www.debian.org/security/2006/dsa-1051
- http://secunia.com/advisories/19941
- http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
- http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
- http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
- http://secunia.com/advisories/19714
- http://secunia.com/advisories/19721
- http://secunia.com/advisories/19746
- http://www.redhat.com/support/errata/RHSA-2006-0329.html
- http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
- http://secunia.com/advisories/21033
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
- http://secunia.com/advisories/21622
- http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
- http://secunia.com/advisories/19696
- http://secunia.com/advisories/19729
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
- http://secunia.com/advisories/22066
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
- http://www.vupen.com/english/advisories/2006/1356
- http://www.vupen.com/english/advisories/2006/3748
- http://www.vupen.com/english/advisories/2006/3391
- http://www.vupen.com/english/advisories/2008/0083
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25823
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1929
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10922
- https://usn.ubuntu.com/275-1/
- https://usn.ubuntu.com/271-1/
- http://www.securityfocus.com/archive/1/446658/100/200/threaded
- http://www.securityfocus.com/archive/1/436338/100/0/threaded
- http://www.securityfocus.com/archive/1/436296/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-1729?
CVE-2006-1729 is considered critical as it allows remote attackers to read arbitrary files.
How do I fix CVE-2006-1729?
To fix CVE-2006-1729, upgrade to Mozilla Firefox version 1.5.0.2 or later, or 1.0.8 or later.
Which versions of Firefox are affected by CVE-2006-1729?
CVE-2006-1729 affects Firefox versions before 1.5.0.2 and 1.0.x before 1.0.8.
Can CVE-2006-1729 affect SeaMonkey?
Yes, CVE-2006-1729 affects SeaMonkey versions before 1.0.1.
What are the implications of CVE-2006-1729 for system security?
CVE-2006-1729 poses a risk of sensitive data exposure due to unauthorized file access.
- agent/references
- agent/type
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/mozilla suite
- canonical/mozilla seamonkey
- canonical/firefox
- version/firefox/1.5
- version/firefox/1.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/4.10
- version/ubuntu/5.04
- version/ubuntu/5.10