Vulnerability Name: CVE-2006-1729 (CCN-25823)
Assigned: 2006-04-14
Published: 2006-04-14
Updated: 2018-10-18
Summary: Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.

CVSS v3 Severity:
  5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
    Exploitability Metrics:
      Attack Vector (AV): Network
      Attack Complexity (AC): Low
      Privileges Required (PR): None
      User Interaction (UI): None
    Scope:
      Scope (S): Unchanged
    Impact Metrics:
      Confidentiality (C): Low
      Integrity (I): None
      Availability (A): None

CVSS v2 Severity:
  4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Medium
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): Partial
      Integrity (I): None
      Availability (A): None
  5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Low
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): Partial
      Integrity (I): None
      Availability (A): None

Vulnerability Type: CWE-20
Vulnerability Consequences: Obtain Information

References:
  Source: SCO | Type: Broken Link | SCOSA-2006.26
  Source: SGI | Type: Broken Link | 20060404-01-U
  Source: MITRE | Type: CNA | CVE-2006-1729
  Source: SUSE | Type: Broken Link | SUSE-SA:2006:021
  Source: CCN | Type: RHSA-2006-0328 | firefox security update
  Source: CCN | Type: RHSA-2006-0329 | mozilla security update
  Source: CCN | Type: SA19631 | Firefox Multiple Vulnerabilities
  Source: SECUNIA | Type: Third Party Advisory | 19631
  Source: CCN | Type: SA19649 | Mozilla SeaMonkey Multiple Vulnerabilities
  Source: SECUNIA | Type: Third Party Advisory | 19649
  Source: SECUNIA | Type: Third Party Advisory | 19696
  Source: SECUNIA | Type: Third Party Advisory | 19714
  Source: SECUNIA | Type: Third Party Advisory | 19721
  Source: SECUNIA | Type: Third Party Advisory | 19729
  Source: SECUNIA | Type: Third Party Advisory | 19746
  Source: SECUNIA | Type: Third Party Advisory | 19759
  Source: SECUNIA | Type: Third Party Advisory | 19794
  Source: SECUNIA | Type: Third Party Advisory | 19811
  Source: SECUNIA | Type: Third Party Advisory | 19852
  Source: SECUNIA | Type: Third Party Advisory | 19862
  Source: SECUNIA | Type: Third Party Advisory | 19863
  Source: SECUNIA | Type: Third Party Advisory | 19902
  Source: SECUNIA | Type: Third Party Advisory | 19941
  Source: SECUNIA | Type: Third Party Advisory | 21033
  Source: SECUNIA | Type: Third Party Advisory | 21622
  Source: SECUNIA | Type: Third Party Advisory | 22066
  Source: CCN | Type: Sun Alert ID: 102550 | Multiple Security Vulnerabilites in Mozilla 1.4 and 1.7 for Solaris and for Sun JDS for Linux
  Source: SUNALERT | Type: Broken Link | 102550
  Source: SUNALERT | Type: Broken Link | 228526
  Source: CCN | Type: ASA-2006-085 | Mozilla Firefox and Thunderbird security update (RHSA-2006-0328 RHSA-2006-0329 RHSA-2006-330)
  Source: CONFIRM | Type: Third Party Advisory | http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
  Source: CCN | Type: ASA-2006-259 | HP-UX Firefox Vulnerabilities
  Source: CCN | Type: ASA-2007-097 | HP-UX Running Firefox Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) (HPSBUX02153)
  Source: DEBIAN | Type: Third Party Advisory | DSA-1044
  Source: DEBIAN | Type: Third Party Advisory | DSA-1046
  Source: DEBIAN | Type: Third Party Advisory | DSA-1051
  Source: DEBIAN | Type: DSA-1044 | mozilla-firefox -- several vulnerabilities
  Source: DEBIAN | Type: DSA-1046 | mozilla -- several vulnerabilities
  Source: DEBIAN | Type: DSA-1051 | mozilla-thunderbird -- several vulnerabilities
  Source: DEBIAN | Type: DSA-1118 | mozilla -- several vulnerabilities
  Source: DEBIAN | Type: DSA-1120 | mozilla-firefox -- several vulnerabilities
  Source: DEBIAN | Type: DSA-1134 | mozilla-thunderbird -- several vulnerabilities
  Source: CCN | Type: GLSA-200604-12 | Mozilla Firefox: Multiple vulnerabilities
  Source: GENTOO | Type: Third Party Advisory | GLSA-200604-12
  Source: CCN | Type: GLSA-200604-18 | Mozilla Suite: Multiple vulnerabilities
  Source: GENTOO | Type: Third Party Advisory | GLSA-200604-18
  Source: MANDRIVA | Type: Third Party Advisory | MDKSA-2006:075
  Source: MANDRIVA | Type: Third Party Advisory | MDKSA-2006:076
  Source: CCN | Type: Mozilla Web site | Firefox - Rediscover the Web
  Source: CCN | Type: MFSA 2006-23 | File stealing by changing input type
  Source: CONFIRM | Type: Vendor Advisory | http://www.mozilla.org/security/announce/2006/mfsa2006-23.html
  Source: SUSE | Type: Broken Link, Third Party Advisory | SUSE-SA:2006:035
  Source: FEDORA | Type: Third Party Advisory | FEDORA-2006-410
  Source: FEDORA | Type: Third Party Advisory | FEDORA-2006-411
  Source: REDHAT | Type: Third Party Advisory | RHSA-2006:0328
  Source: REDHAT | Type: Third Party Advisory | RHSA-2006:0329
  Source: FEDORA | Type: UNKNOWN | FLSA:189137-1
  Source: FEDORA | Type: UNKNOWN | FLSA:189137-2
  Source: HP | Type: UNKNOWN | SSRT061181
  Source: BID | Type: Third Party Advisory, VDB Entry | 17516
  Source: CCN | Type: BID-17516 | Mozilla Suite, Firefox, SeaMonkey, and Thunderbird Multiple Remote Vulnerabilities
  Source: CCN | Type: USN-271-1 | Firefox vulnerabilities
  Source: CCN | Type: USN-275-1 | Mozilla vulnerabilities
  Source: CCN | Type: USN-296-1 | Firefox vulnerabilities
  Source: CCN | Type: USN-296-2 | Firefox vulnerabilities
  Source: CCN | Type: USN-323-1 | Mozilla vulnerabilities
  Source: VUPEN | Type: Permissions Required, Third Party Advisory | ADV-2006-1356
  Source: VUPEN | Type: Permissions Required, Third Party Advisory | ADV-2006-3391
  Source: VUPEN | Type: Permissions Required, Third Party Advisory | ADV-2006-3748
  Source: VUPEN | Type: Permissions Required, Third Party Advisory | ADV-2008-0083
  Source: XF | Type: Third Party Advisory, VDB Entry | mozilla-textbox-file-access(25823)
  Source: XF | Type: UNKNOWN | mozilla-textbox-file-access(25823)
  Source: OVAL | Type: Third Party Advisory | oval:org.mitre.oval:def:10922
  Source: OVAL | Type: Third Party Advisory | oval:org.mitre.oval:def:1929
  Source: UBUNTU | Type: Third Party Advisory | USN-271-1
  Source: UBUNTU | Type: Third Party Advisory | USN-275-1
  Source: SUSE | Type: SUSE-SA:2006:021 | Mozilla Firefox and Mozilla suite various security problems
  Source: SUSE | Type: SUSE-SA:2006:035 | Mozilla browser security problems

Vulnerable Configuration:
  Configuration 1:
    cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version >= 1.0 and < 1.0.8)
    OR cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version >= 1.5 and < 1.5.0.2)
    OR cpe:/a:mozilla:mozilla_suite:*:*:*:*:*:*:*:* (Version < 1.7.13)
    OR cpe:/a:mozilla:seamonkey:*:*:*:*:*:*:*:* (Version < 1.0.1)
  Configuration 2:
    cpe:/o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*
    OR cpe:/o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
    OR cpe:/o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
  Configuration RedHat 1:
    cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
  Configuration RedHat 2:
    cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  Configuration RedHat 3:
    cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  Configuration RedHat 4:
    cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  Configuration RedHat 5:
    cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  Configuration CCN 1:
    cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*
    OR cpe:/a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
    OR cpe:/a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
    OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
    OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
    OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
    OR cpe:/a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
    OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
    OR cpe:/a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
    OR cpe:/a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
    OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
    OR cpe:/a:mozilla:mozilla_suite:1.7.11:*:*:*:*:*:*:*
    OR cpe:/a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
    OR cpe:/a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
    OR cpe:/a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
    OR cpe:/a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
    OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*
    OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*
    OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
    OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
    OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
    OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
    OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
    OR cpe:/a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
    OR cpe:/a:mozilla:mozilla_suite:1.7.12:*:*:*:*:*:*:*
    OR cpe:/a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*
    OR cpe:/a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*
    OR cpe:/a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*
    OR cpe:/a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
    OR cpe:/a:mozilla:seamonkey:1.0::alpha:*:*:*:*:*
    OR cpe:/a:mozilla:seamonkey:1.0::beta:*:*:*:*:*
    OR cpe:/a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*
    AND
    cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
    OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
    OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
    OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
    OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
    OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
    OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
    OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
    OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
    OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
    OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
    OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
    OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
    OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
    OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
    OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
    OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
    OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
    OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
    OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
    OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
    OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
    OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
    OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
    OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
    OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

mozilla firefox *
mozilla firefox *
mozilla mozilla suite *
mozilla seamonkey *
canonical ubuntu linux 4.10
canonical ubuntu linux 5.04
canonical ubuntu linux 5.10
mozilla firefox 1.0
mozilla thunderbird 1.0.1
mozilla mozilla suite 1.7.6
mozilla firefox 1.0.1
mozilla firefox 1.0.2
mozilla firefox 1.0.3
mozilla mozilla suite 1.7.7
mozilla firefox 1.0.4
mozilla mozilla suite 1.7.8
mozilla firefox 1.0.6
mozilla firefox 1.5 beta1
mozilla mozilla suite 1.7.11
mozilla firefox 1.0.7
mozilla thunderbird 1.0.2
mozilla thunderbird 1.0.6
mozilla thunderbird 1.0.7
mozilla firefox 1.5
mozilla thunderbird 1.5
mozilla thunderbird 1.5 beta2
mozilla thunderbird 1.5.0.1
mozilla firefox 1.0.5
mozilla firefox 1.5.0.1
mozilla firefox 1.5 beta2
mozilla mozilla suite 1.7.10
mozilla mozilla suite 1.7.12
mozilla thunderbird 1.0
mozilla thunderbird 1.0.3
mozilla thunderbird 1.0.4
mozilla thunderbird 1.0.5
mozilla seamonkey 1.0
mozilla seamonkey 1.0
mozilla thunderbird 1.0.5 beta
gentoo linux *
suse linux enterprise server 8
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
suse suse linux 9.1
redhat enterprise linux 3
suse suse linux 9.2
mandrakesoft mandrake linux corporate server 3.0
redhat enterprise linux 4
redhat enterprise linux 4
novell linux desktop 9
redhat enterprise linux 4
redhat enterprise linux 4
debian debian linux 3.1
suse suse linux 10.0
redhat linux advanced workstation 2.1
mandrakesoft mandrake linux 2006
canonical ubuntu 6.06
suse suse linux 10.1
mandrakesoft mandrake linux 2006
mandrakesoft mandrake linux corporate server 3.0
suse suse linux 9.3