PRIOn knowledge basePRION:CVE-2006-1729Input validation
6.5 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.046 Low
EPSS
Percentile
92.3%
Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ubuntu_linux | eq | 4.10 | |
| ubuntu_linux | eq | 5.04 | |
| ubuntu_linux | eq | 5.10 | |
| firefox | ge | 1.5 | |
| firefox | lt | 1.5.0.2 | |
| firefox | ge | 1.0 | |
| firefox | lt | 1.0.8 | |
| mozilla_suite | lt | 1.7.13 | |
| seamonkey | lt | 1.0.1 |
References
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
secunia.com/advisories/19631
secunia.com/advisories/19649
secunia.com/advisories/19696
secunia.com/advisories/19714
secunia.com/advisories/19721
secunia.com/advisories/19729
secunia.com/advisories/19746
secunia.com/advisories/19759
secunia.com/advisories/19794
secunia.com/advisories/19811
secunia.com/advisories/19852
secunia.com/advisories/19862
secunia.com/advisories/19863
secunia.com/advisories/19902
secunia.com/advisories/19941
secunia.com/advisories/21033
secunia.com/advisories/21622
secunia.com/advisories/22066
sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
support.avaya.com/elmodocs2/security/ASA-2006-205.htm
www.debian.org/security/2006/dsa-1044
www.debian.org/security/2006/dsa-1046
www.debian.org/security/2006/dsa-1051
www.gentoo.org/security/en/glsa/glsa-200604-12.xml
www.gentoo.org/security/en/glsa/glsa-200604-18.xml
www.mandriva.com/security/advisories?name=MDKSA-2006:075
www.mandriva.com/security/advisories?name=MDKSA-2006:076
www.mozilla.org/security/announce/2006/mfsa2006-23.html
www.novell.com/linux/security/advisories/2006_35_mozilla.html
www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
www.redhat.com/support/errata/RHSA-2006-0328.html
www.redhat.com/support/errata/RHSA-2006-0329.html
www.securityfocus.com/archive/1/436296/100/0/threaded
www.securityfocus.com/archive/1/436338/100/0/threaded
www.securityfocus.com/archive/1/446658/100/200/threaded
www.securityfocus.com/bid/17516
www.vupen.com/english/advisories/2006/1356
www.vupen.com/english/advisories/2006/3391
www.vupen.com/english/advisories/2006/3748
www.vupen.com/english/advisories/2008/0083
exchange.xforce.ibmcloud.com/vulnerabilities/25823
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10922
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1929
usn.ubuntu.com/271-1/
usn.ubuntu.com/275-1/
Related
6.5 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.046 Low
EPSS
Percentile
92.3%