CVE-2006-1736
First published: Fri Apr 14 2006(Updated: )
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | =1.5-beta2 | |
| Mozilla Mozilla Suite | <=1.7.12 | |
| Mozilla Firefox | =1.0.2 | |
| Mozilla Firefox | =1.5-beta1 | |
| Mozilla Firefox | =1.5 | |
| Mozilla Mozilla Suite | =1.7.10 | |
| Mozilla Firefox | =1.0.4 | |
| Mozilla Mozilla Suite | =1.7.8 | |
| Mozilla Thunderbird | =1.0 | |
| Mozilla Thunderbird | =1.0.1 | |
| Mozilla Thunderbird | =1.5-beta2 | |
| Mozilla SeaMonkey | =1.0 | |
| Mozilla Thunderbird | =1.0.2 | |
| Mozilla Mozilla Suite | =1.7.11 | |
| Mozilla Firefox | =1.0 | |
| Mozilla Thunderbird | =1.5 | |
| Mozilla Firefox | =1.0.1 | |
| Mozilla Thunderbird | =1.0.4 | |
| Mozilla Thunderbird | =1.0.3 | |
| Mozilla Firefox | =1.0.3 | |
| Mozilla Thunderbird | =1.0.6 | |
| Mozilla Thunderbird | =1.0.5-beta | |
| Mozilla Mozilla Suite | =1.7.7 | |
| Mozilla Firefox | <=1.0.7 | |
| Mozilla Mozilla Suite | =1.7.6 | |
| Mozilla SeaMonkey | <=1.0 | |
| Mozilla Thunderbird | <=1.0.7 | |
| Mozilla Thunderbird | =1.0.5 | |
| Mozilla Firefox | =1.0.5 | |
| Mozilla Firefox | =1.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/2006/mfsa2006-13.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=293527
- http://www.securityfocus.com/bid/17516
- http://secunia.com/advisories/19631
- http://www.debian.org/security/2006/dsa-1044
- http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
- http://secunia.com/advisories/19759
- http://secunia.com/advisories/19794
- http://www.debian.org/security/2006/dsa-1046
- http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
- http://secunia.com/advisories/19852
- http://secunia.com/advisories/19862
- http://secunia.com/advisories/19863
- http://secunia.com/advisories/19902
- http://www.debian.org/security/2006/dsa-1051
- http://secunia.com/advisories/19941
- http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
- http://secunia.com/advisories/19721
- http://secunia.com/advisories/19746
- http://secunia.com/advisories/21033
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
- http://secunia.com/advisories/21622
- http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
- http://www.vupen.com/english/advisories/2006/1356
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25814
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1548
- https://usn.ubuntu.com/275-1/
- https://usn.ubuntu.com/271-1/
- http://www.securityfocus.com/archive/1/438730/100/0/threaded
- agent/references
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/1.5-beta2
- canonical/mozilla mozilla suite
- version/mozilla mozilla suite/1.7.12
- version/mozilla firefox/1.0.2
- version/mozilla firefox/1.5-beta1
- version/mozilla firefox/1.5
- version/mozilla mozilla suite/1.7.10
- version/mozilla firefox/1.0.4
- version/mozilla mozilla suite/1.7.8
- canonical/mozilla thunderbird
- version/mozilla thunderbird/1.0
- version/mozilla thunderbird/1.0.1
- version/mozilla thunderbird/1.5-beta2
- canonical/mozilla seamonkey
- version/mozilla seamonkey/1.0
- version/mozilla thunderbird/1.0.2
- version/mozilla mozilla suite/1.7.11
- version/mozilla firefox/1.0
- version/mozilla thunderbird/1.5
- version/mozilla firefox/1.0.1
- version/mozilla thunderbird/1.0.4
- version/mozilla thunderbird/1.0.3
- version/mozilla firefox/1.0.3
- version/mozilla thunderbird/1.0.6
- version/mozilla thunderbird/1.0.5-beta
- version/mozilla mozilla suite/1.7.7
- version/mozilla firefox/1.0.7
- version/mozilla mozilla suite/1.7.6
- version/mozilla thunderbird/1.0.7
- version/mozilla thunderbird/1.0.5
- version/mozilla firefox/1.0.5
- version/mozilla firefox/1.0.6