Vulnerability Details: CVE-2006-1729
Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allow remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.
Vulnerability category: Input validation
Products affected by CVE-2006-1729
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla_suite:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-1729
- 15.40%: Probability of exploitation activity in the next 30 days
- ~ 96%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-1729
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2006-1729
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-1729
- http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
  ASA-2006-205 (SUN 102502, 102513, 102514, 102519, 102550, 102556, 102557, 102582, 102588, 102589, 102593) [Third Party Advisory]
- https://usn.ubuntu.com/271-1/
  [Third Party Advisory]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25823
  [Third Party Advisory; VDB Entry]
- http://www.vupen.com/english/advisories/2008/0083
  [Permissions Required; Third Party Advisory]
- http://www.debian.org/security/2006/dsa-1051
  [SECURITY] [DSA 1051-1] New Mozilla Thunderbird packages fix several vulnerabilities [Third Party Advisory]
- http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
  [SECURITY] Fedora Core 5 Update: firefox-1.5.0.2-1.1.fc5 [Third Party Advisory]
- http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
  Mozilla Firefox: Multiple vulnerabilities (GLSA 200604-12) — Gentoo security [Third Party Advisory]
- http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
  [SECURITY] Fedora Core 4 Update: firefox-1.0.8-1.1.fc4 [Third Party Advisory]
- http://www.mozilla.org/security/announce/2006/mfsa2006-23.html
  [Vendor Advisory]
- http://www.redhat.com/support/errata/RHSA-2006-0329.html
  Support [Third Party Advisory]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10922
  [Third Party Advisory]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1929
  [Third Party Advisory]
- http://www.vupen.com/english/advisories/2006/1356
  [Permissions Required; Third Party Advisory]
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
  [Broken Link]
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
  [Broken Link]
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
  [Broken Link]
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
  Mandriva [Third Party Advisory]
- http://www.securityfocus.com/archive/1/436296/100/0/threaded
- http://www.debian.org/security/2006/dsa-1046
  [SECURITY] [DSA 1046-1] New Mozilla packages fix several vulnerabilities [Third Party Advisory]
- http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
  Security - Support | SUSE [Broken Link; Third Party Advisory]
- http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
  [Broken Link]
- http://www.vupen.com/english/advisories/2006/3748
  [Permissions Required; Third Party Advisory]
- ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
  [Broken Link]
- http://www.securityfocus.com/bid/17516
  [Third Party Advisory; VDB Entry]
- http://www.securityfocus.com/archive/1/436338/100/0/threaded
- https://usn.ubuntu.com/275-1/
  [Third Party Advisory]
- http://www.vupen.com/english/advisories/2006/3391
  [Permissions Required; Third Party Advisory]
- http://www.redhat.com/support/errata/RHSA-2006-0328.html
  Support [Third Party Advisory]
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
  Mandriva [Third Party Advisory]
- http://www.securityfocus.com/archive/1/446658/100/200/threaded
- http://www.debian.org/security/2006/dsa-1044
  [SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities [Third Party Advisory]
- http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
  Mozilla Suite: Multiple vulnerabilities (GLSA 200604-18) — Gentoo security [Third Party Advisory]