CVE-2006-1736

2006-04-1410:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-1736

mozilla firefox

mozilla suite

remote attackers

download trick

executable file

security vulnerability

6.1 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.218 Low

EPSS

Percentile

96.4%

JSON

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the “Save image as…” option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxeq1.5
mozilla:mozilla_suitemozilla mozilla suitele1.7.12
mozilla:firefoxmozilla firefoxeq1.0.2
mozilla:mozilla_suitemozilla mozilla suiteeq1.7.10
mozilla:firefoxmozilla firefoxeq1.0.4
mozilla:mozilla_suitemozilla mozilla suiteeq1.7.8
mozilla:thunderbirdmozilla thunderbirdeq1.0
mozilla:thunderbirdmozilla thunderbirdeq1.0.1
mozilla:thunderbirdmozilla thunderbirdeq1.5
mozilla:seamonkeymozilla seamonkeyeq1.0

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	eq	1.5
mozilla:mozilla_suite	mozilla mozilla suite	le	1.7.12
mozilla:firefox	mozilla firefox	eq	1.0.2
mozilla:mozilla_suite	mozilla mozilla suite	eq	1.7.10
mozilla:firefox	mozilla firefox	eq	1.0.4
mozilla:mozilla_suite	mozilla mozilla suite	eq	1.7.8
mozilla:thunderbird	mozilla thunderbird	eq	1.0
mozilla:thunderbird	mozilla thunderbird	eq	1.0.1
mozilla:thunderbird	mozilla thunderbird	eq	1.5
mozilla:seamonkey	mozilla seamonkey	eq	1.0