CVE-2006-2894 Information

Feb 14, 2021 cve

Description

Mozilla Firefox 1.5.0.4 2.0.x before 2.0.0.8 Mozilla Suite 1.7.13 Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5 and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown OnKeyPress and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control which can then upload the file when the user submits the form.

Reference

http://archives.neohapsis.com/archives/bugtraq/2007-02/0166.html http://archives.neohapsis.com/archives/bugtraq/2007-02/0187.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://lcamtuf.coredump.cx/focusbug/ http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html http://lists.virus.org/full-disclosure-0702/msg00225.html http://secunia.com/advisories/20442 http://secunia.com/advisories/20467 http://secunia.com/advisories/20470 http://secunia.com/advisories/20472 http://secunia.com/advisories/21532 http://secunia.com/advisories/27298 http://secunia.com/advisories/27335 http://secunia.com/advisories/27383 http://secunia.com/advisories/27387 http://secunia.com/advisories/27403 http://secunia.com/advisories/27414 http://securityreason.com/securityalert/1059 http://securitytracker.com/id?1018837 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1 http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html http://www.gnucitizen.org/blog/browser-focus-rip http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202 http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 http://www.mozilla.org/security/announce/2007/mfsa2007-32.html http://www.novell.com/linux/security/advisories/2007_57_mozilla.html http://www.securityfocus.com/archive/1/482876/100/200/threaded http://www.securityfocus.com/archive/1/482925/100/0/threaded http://www.securityfocus.com/archive/1/482932/100/200/threaded http://www.securityfocus.com/bid/18308 http://www.thanhngan.org/fflinuxversion.html http://www.ubuntu.com/usn/usn-536-1 http://www.vupen.com/english/advisories/2006/2160 http://www.vupen.com/english/advisories/2006/2162 http://www.vupen.com/english/advisories/2006/2163 http://www.vupen.com/english/advisories/2006/2164 http://www.vupen.com/english/advisories/2007/3544 http://www.vupen.com/english/advisories/2008/0083 https://bugzilla.mozilla.org/show_bug.cgi?id=290478 https://bugzilla.mozilla.org/show_bug.cgi?id=370092 https://bugzilla.mozilla.org/show_bug.cgi?id=56236 https://issues.rpath.com/browse/RPL-1858 https://usn.ubuntu.com/535-1/ https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html

Share on: