Home > Vulnerability Database > CVE-2006-1729

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2006-1729

Date: April 14, 2006

Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.

Severity Score

3.7

Related Resources (52)

Url: http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml

Url: http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html

Url: http://secunia.com/advisories/19811

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1

Url: http://www.vupen.com/english/advisories/2006/3391

Url: http://secunia.com/advisories/19852

Url: http://www.securityfocus.com/archive/1/446658/100/200/threaded

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:075

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:076

Url: http://www.vupen.com/english/advisories/2006/3748

Url: http://secunia.com/advisories/22066

Url: http://www.mozilla.org/security/announce/2006/mfsa2006-23.html

Url: http://www.debian.org/security/2006/dsa-1044

Url: http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm

Url: http://www.debian.org/security/2006/dsa-1046

Url: http://secunia.com/advisories/19902

Url: http://www.securityfocus.com/archive/1/436296/100/0/threaded

Url: http://secunia.com/advisories/19746

Url: http://secunia.com/advisories/19941

Url: http://secunia.com/advisories/19862

Url: http://secunia.com/advisories/19863

Url: http://secunia.com/advisories/19794

Url: http://secunia.com/advisories/21622

Url: http://www.securityfocus.com/archive/1/436338/100/0/threaded

Url: http://www.securityfocus.com/bid/17516

Url: http://www.vupen.com/english/advisories/2006/1356

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10922

Url: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-1729

Url: http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html

Url: http://secunia.com/advisories/19714

Url: http://secunia.com/advisories/19759

Url: http://secunia.com/advisories/19631

Url: http://www.vupen.com/english/advisories/2008/0083

Url: http://www.debian.org/security/2006/dsa-1051

Url: http://secunia.com/advisories/21033

Url: http://www.redhat.com/support/errata/RHSA-2006-0328.html

Url: http://secunia.com/advisories/19729

Url: http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html

Url: http://secunia.com/advisories/19649

Url: ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc

Url: http://secunia.com/advisories/19721

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/25823

Url: https://usn.ubuntu.com/271-1/

Url: http://www.redhat.com/support/errata/RHSA-2006-0329.html

Url: http://secunia.com/advisories/19696

Url: http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml

Url: https://usn.ubuntu.com/275-1/

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1929

Url: http://www.novell.com/linux/security/advisories/2006_35_mozilla.html

Url: https://www.mend.io/vulnerability-database/CVE-2006-1729

Severity Score

3.7

Weakness Type (CWE)

Input Validation

CWE-20

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us