CVE-2006-2894
published 2006-06-07

CVE-2006-2894: Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier…

Priority P424 | medium 4 | CVSS 2.0
AV:N/AC:H/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS: 9.65% (94.9th percentile)
Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.

Affected

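6 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | <= 2.0.0.8 | |
| mozilla | firefox | | |
| mozilla | mozilla_suite | | |
| mozilla | seamonkey | <= 1.1.4 | |
| mozilla | seamonkey | | |
| netscape | navigator | <= 8.1 | |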

CVSS provenance

nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:N
vendor_ubuntu | 4.0 | MEDIUM