CVE-2006-2894
published 2006-06-07CVE-2006-2894: Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier…
PriorityP424medium4CVSS 2.0
AVNACHAuNCPIPAN
EXPLOIT
EPSS
9.65%
94.9th percentile
Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | <= 2.0.0.8 | — |
| mozilla | firefox | — | — |
| mozilla | mozilla_suite | — | — |
| mozilla | seamonkey | <= 1.1.4 | — |
| mozilla | seamonkey | — | — |
| netscape | navigator | <= 8.1 | — |
CVSS provenance
nvdv2.04.0MEDIUMAV:N/AC:H/Au:N/C:P/I:P/A:N
vendor_ubuntu4.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-gjhw-j84v-5cmv: Mozilla Firefox 1
ghsa_unreviewed·2022-05-01
CVE-2006-2894 [MEDIUM] CWE-20 GHSA-gjhw-j84v-5cmv: Mozilla Firefox 1
Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2007-10-23·CVSS 4.0
CVE-2006-2894 [MEDIUM] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Thunderbird vulnerabilities
Various flaws were discovered in the layout and JavaScript engines. By
tricking a user into opening a malicious web page, an attacker could
execute arbitrary code with the user's privileges. (CVE-2007-5339,
CVE-2007-5340)
Flaws were discovered in the file upload form control. By tricking
a user into opening a malicious web page, an attacker could force
arbitrary files from the user's computer to be uploaded without their
consent. (CVE-2006-2894, CVE-2007-3511)
Michal Zalewski discovered that the onUnload event handlers were
incorrectly able to access information outside the old page content. A
malicious web site could exploit this to modify the contents, or
steal confidential data (such as passwords), of the next l
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2007-10-22·CVSS 4.0
CVE-2007-5334 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox vulnerabilities
Various flaws were discovered in the layout and JavaScript engines.
By tricking a user into opening a malicious web page, an attacker could
execute arbitrary code with the user's privileges. (CVE-2007-5336,
CVE-2007-5339, CVE-2007-5340)
Michal Zalewski discovered that the onUnload event handlers were
incorrectly able to access information outside the old page content.
A malicious web site could exploit this to modify the contents, or steal
confidential data (such as passwords), of the next loaded web page.
(CVE-2007-1095)
Stefano Di Paola discovered that Firefox did not correctly request
Digest Authentications. A malicious web site could exploit this to
inject arbitrary HTTP headers or perform session splitting attacks
aga
No detection rules found.
Exploit-DB
Mozilla Firefox 1.x - JavaScript Key Filtering
exploitdb·2006-06-06
CVE-2006-2894 Mozilla Firefox 1.x - JavaScript Key Filtering
Mozilla Firefox 1.x - JavaScript Key Filtering
---
source: https://www.securityfocus.com/bid/18308/info
Multiple web browsers are prone to a JavaScript key-filtering vulnerability because the browsers fail to securely handle keystroke input from users.
This issue is demonstrated to allow attackers to divert keystrokes from one input form in a webpage to a hidden file-upload dialog in the same page. This may allow remote attackers to initiate file uploads from unsuspecting users. Other attacks may also be possible.
Exploiting this issue requires that users manually type the full path of files that attackers wish to download. This may require substantial typing from targeted users, so attackers will likely use keyboard-based games, blogs, or other similar pages to entice users to enter
Exploit-DB
Microsoft Internet Explorer 5.5/6.0/7.0 - JavaScript Key Filtering
exploitdb·2006-06-06
CVE-2006-2894 Microsoft Internet Explorer 5.5/6.0/7.0 - JavaScript Key Filtering
Microsoft Internet Explorer 5.5/6.0/7.0 - JavaScript Key Filtering
---
source: https://www.securityfocus.com/bid/18308/info
Multiple web browsers are prone to a JavaScript key-filtering vulnerability because the browsers fail to securely handle keystroke input from users.
This issue is demonstrated to allow attackers to divert keystrokes from one input form in a webpage to a hidden file-upload dialog in the same page. This may allow remote attackers to initiate file uploads from unsuspecting users. Other attacks may also be possible.
Exploiting this issue requires that users manually type the full path of files that attackers wish to download. This may require substantial typing from targeted users, so attackers will likely use keyboard-based games, blogs, or other similar pages to en
http://archives.neohapsis.com/archives/bugtraq/2007-02/0166.htmlhttp://archives.neohapsis.com/archives/bugtraq/2007-02/0187.htmlhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742http://lcamtuf.coredump.cx/focusbug/http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.htmlhttp://lists.virus.org/full-disclosure-0702/msg00225.htmlhttp://secunia.com/advisories/20442http://secunia.com/advisories/20467http://secunia.com/advisories/20470http://secunia.com/advisories/20472http://secunia.com/advisories/21532http://secunia.com/advisories/27298http://secunia.com/advisories/27335http://secunia.com/advisories/27383http://secunia.com/advisories/27387http://secunia.com/advisories/27403http://secunia.com/advisories/27414http://securityreason.com/securityalert/1059http://securitytracker.com/id?1018837http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.htmlhttp://www.gnucitizen.org/blog/browser-focus-riphttp://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202http://www.mandriva.com/security/advisories?name=MDKSA-2006:143http://www.mandriva.com/security/advisories?name=MDKSA-2006:145http://www.mozilla.org/security/announce/2007/mfsa2007-32.htmlhttp://www.novell.com/linux/security/advisories/2007_57_mozilla.htmlhttp://www.securityfocus.com/archive/1/482876/100/200/threadedhttp://www.securityfocus.com/archive/1/482925/100/0/threadedhttp://www.securityfocus.com/archive/1/482932/100/200/threadedhttp://www.securityfocus.com/bid/18308http://www.thanhngan.org/fflinuxversion.htmlhttp://www.ubuntu.com/usn/usn-536-1http://www.vupen.com/english/advisories/2006/2160http://www.vupen.com/english/advisories/2006/2162http://www.vupen.com/english/advisories/2006/2163http://www.vupen.com/english/advisories/2006/2164http://www.vupen.com/english/advisories/2007/3544http://www.vupen.com/english/advisories/2008/0083https://bugzilla.mozilla.org/show_bug.cgi?id=290478https://bugzilla.mozilla.org/show_bug.cgi?id=370092https://bugzilla.mozilla.org/show_bug.cgi?id=56236https://issues.rpath.com/browse/RPL-1858https://usn.ubuntu.com/535-1/https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.htmlhttp://archives.neohapsis.com/archives/bugtraq/2007-02/0166.htmlhttp://archives.neohapsis.com/archives/bugtraq/2007-02/0187.htmlhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742http://lcamtuf.coredump.cx/focusbug/http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.htmlhttp://lists.virus.org/full-disclosure-0702/msg00225.htmlhttp://secunia.com/advisories/20442http://secunia.com/advisories/20467http://secunia.com/advisories/20470http://secunia.com/advisories/20472http://secunia.com/advisories/21532http://secunia.com/advisories/27298http://secunia.com/advisories/27335http://secunia.com/advisories/27383http://secunia.com/advisories/27387http://secunia.com/advisories/27403http://secunia.com/advisories/27414http://securityreason.com/securityalert/1059http://securitytracker.com/id?1018837http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.htmlhttp://www.gnucitizen.org/blog/browser-focus-riphttp://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202http://www.mandriva.com/security/advisories?name=MDKSA-2006:143http://www.mandriva.com/security/advisories?name=MDKSA-2006:145http://www.mozilla.org/security/announce/2007/mfsa2007-32.htmlhttp://www.novell.com/linux/security/advisories/2007_57_mozilla.htmlhttp://www.securityfocus.com/archive/1/482876/100/200/threadedhttp://www.securityfocus.com/archive/1/482925/100/0/threadedhttp://www.securityfocus.com/archive/1/482932/100/200/threadedhttp://www.securityfocus.com/bid/18308http://www.thanhngan.org/fflinuxversion.htmlhttp://www.ubuntu.com/usn/usn-536-1http://www.vupen.com/english/advisories/2006/2160http://www.vupen.com/english/advisories/2006/2162http://www.vupen.com/english/advisories/2006/2163http://www.vupen.com/english/advisories/2006/2164http://www.vupen.com/english/advisories/2007/3544http://www.vupen.com/english/advisories/2008/0083https://bugzilla.mozilla.org/show_bug.cgi?id=290478https://bugzilla.mozilla.org/show_bug.cgi?id=370092https://bugzilla.mozilla.org/show_bug.cgi?id=56236https://issues.rpath.com/browse/RPL-1858https://usn.ubuntu.com/535-1/https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html
2006-06-07
Published