CVE-2006-1736 Information
Description
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allow remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as…" option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename.
Reference
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
http://secunia.com/advisories/19631
http://secunia.com/advisories/19721
http://secunia.com/advisories/19746
http://secunia.com/advisories/19759
http://secunia.com/advisories/19794
http://secunia.com/advisories/19852
http://secunia.com/advisories/19862
http://secunia.com/advisories/19863
http://secunia.com/advisories/19902
http://secunia.com/advisories/19941
http://secunia.com/advisories/21033
http://secunia.com/advisories/21622
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
http://www.debian.org/security/2006/dsa-1044
http://www.debian.org/security/2006/dsa-1046
http://www.debian.org/security/2006/dsa-1051
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
http://www.mozilla.org/security/announce/2006/mfsa2006-13.html
http://www.securityfocus.com/archive/1/438730/100/0/threaded
http://www.securityfocus.com/bid/17516
http://www.vupen.com/english/advisories/2006/1356
https://bugzilla.mozilla.org/show_bug.cgi?id=293527
https://exchange.xforce.ibmcloud.com/vulnerabilities/25814
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1548
https://usn.ubuntu.com/271-1/
https://usn.ubuntu.com/275-1/