Oval Definition:oval:org.mitre.oval:def:1929
Revision Date:2009-11-09Version:4
Title:Mozilla File Stealing by Changing Input Type
Description:Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2006-1729
Platform(s):Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows XP
Product(s):mozilla
Definition Synopsis
  • Mozilla Firefox version 1.5 is installed and has NOT been patched with version 1.5.0.2
  • Mozilla Firefox version 1.5 is installed
  • AND Firefox version 1.5 or earlier is installed
  • AND NOT The version of Firefox.exe is greater than or equal to 1.8.20060.30804 (v1.5.0.2)
  • OR Mozilla Firefox version 1.5.0.1 is installed
  • Mozilla Firefox version 1.5.0.1 is installed
  • AND Firefox version 1.5.0.1 is installed
  • OR Mozilla Firefox version 1.0.7 or earlier is installed
  • Mozilla Firefox version 1.0.7 or earlier is installed
  • AND Firefox version 1.0.7 or earlier is installed
  • OR SeaMonkey version 1.0 or earlier is installed
  • SeaMonkey version 1.0 or earlier is installed
  • AND SeaMonkey version 1.0 or earlier is installed
  • OR Mozilla Suite version 1.7.12 or earlier is installed
  • Mozilla Suite version 1.7.12 or earlier is installed
  • AND Mozilla Suite version 1.7.12 or earlier is installed
    • BACK