Vulnerability CVE-2006-1736


Published: 2006-04-14   Modified: 2012-02-12

Description:
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename.

Type:

CWE-Other

CVSS2 => (AV:N/AC:H/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.6/10
2.9/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Mozilla -> Firefox 
Mozilla -> Mozilla suite 
Mozilla -> Seamonkey 
Mozilla -> Thunderbird 

 References:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
http://www.debian.org/security/2006/dsa-1044
http://www.debian.org/security/2006/dsa-1046
http://www.debian.org/security/2006/dsa-1051
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
http://www.mozilla.org/security/announce/2006/mfsa2006-13.html
http://www.securityfocus.com/archive/1/438730/100/0/threaded
http://www.securityfocus.com/bid/17516
http://www.vupen.com/english/advisories/2006/1356
https://bugzilla.mozilla.org/show_bug.cgi?id=293527
https://exchange.xforce.ibmcloud.com/vulnerabilities/25814
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1548
https://usn.ubuntu.com/271-1/
https://usn.ubuntu.com/275-1/

Copyright 2024, cxsecurity.com

 

Back to Top