FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-1729

This CVE name corresponds to:

Entered	Topic
2006-04-16	mozilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2006-1729 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2006-1729
Phase	Assigned(20060412)

Description

Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.

References

Source	Reference
CONFIRM	http://www.mozilla.org/security/announce/2006/mfsa2006-23.html
CONFIRM	http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
DEBIAN	DSA-1044
DEBIAN	DSA-1046
DEBIAN	DSA-1051
FEDORA	FEDORA-2006-410
FEDORA	FEDORA-2006-411
FEDORA	FLSA:189137-1
FEDORA	FLSA:189137-2
GENTOO	GLSA-200604-12
GENTOO	GLSA-200604-18
HP	HPSBUX02153
HP	SSRT061181
MANDRIVA	MDKSA-2006:075
MANDRIVA	MDKSA-2006:076
REDHAT	RHSA-2006:0328
REDHAT	RHSA-2006:0329
SCO	SCOSA-2006.26
SGI	20060404-01-U
SUNALERT	102550
SUNALERT	228526
SUSE	SUSE-SA:2006:021
SUSE	SUSE-SA:2006:035
UBUNTU	USN-275-1
UBUNTU	USN-271-1
BID	17516
OVAL	oval:org.mitre.oval:def:10922
VUPEN	ADV-2006-1356
VUPEN	ADV-2006-3391
VUPEN	ADV-2006-3748
VUPEN	ADV-2008-0083
OVAL	oval:org.mitre.oval:def:1929
SECUNIA	19631
SECUNIA	19649
SECUNIA	19759
SECUNIA	19794
SECUNIA	19811
SECUNIA	19852
SECUNIA	19862
SECUNIA	19863
SECUNIA	19902
SECUNIA	19941
SECUNIA	19714
SECUNIA	19721
SECUNIA	19746
SECUNIA	21033
SECUNIA	21622
SECUNIA	19696
SECUNIA	19729
SECUNIA	22066
XF	mozilla-textbox-file-access(25823)