CVE - CVE-2006-2782

CVE-ID
CVE-2006-2782	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20060602 rPSA-2006-0091-1 firefox thunderbird URL:http://www.securityfocus.com/archive/1/435795/100/0/threaded CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-41.html DEBIAN:DSA-1118 URL:http://www.debian.org/security/2006/dsa-1118 DEBIAN:DSA-1120 URL:http://www.debian.org/security/2006/dsa-1120 DEBIAN:DSA-1134 URL:http://www.debian.org/security/2006/dsa-1134 GENTOO:GLSA-200606-12 URL:http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml HP:HPSBUX02153 URL:http://www.securityfocus.com/archive/1/446658/100/200/threaded HP:SSRT061181 URL:http://www.securityfocus.com/archive/1/446658/100/200/threaded MANDRIVA:MDKSA-2006:143 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 MANDRIVA:MDKSA-2006:145 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 REDHAT:RHSA-2006:0578 URL:http://www.redhat.com/support/errata/RHSA-2006-0578.html REDHAT:RHSA-2006:0610 URL:http://www.redhat.com/support/errata/RHSA-2006-0610.html REDHAT:RHSA-2006:0611 URL:http://www.redhat.com/support/errata/RHSA-2006-0611.html REDHAT:RHSA-2006:0609 URL:http://rhn.redhat.com/errata/RHSA-2006-0609.html REDHAT:RHSA-2006:0594 URL:http://www.redhat.com/support/errata/RHSA-2006-0594.html SUSE:SUSE-SA:2006:035 URL:http://www.novell.com/linux/security/advisories/2006_35_mozilla.html UBUNTU:USN-296-1 URL:https://usn.ubuntu.com/296-1/ UBUNTU:USN-296-2 URL:https://usn.ubuntu.com/296-2/ UBUNTU:USN-323-1 URL:https://usn.ubuntu.com/323-1/ BID:18228 URL:http://www.securityfocus.com/bid/18228 OVAL:oval:org.mitre.oval:def:10429 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10429 VUPEN:ADV-2006-2106 URL:http://www.vupen.com/english/advisories/2006/2106 VUPEN:ADV-2006-3748 URL:http://www.vupen.com/english/advisories/2006/3748 VUPEN:ADV-2008-0083 URL:http://www.vupen.com/english/advisories/2008/0083 SECTRACK:1016202 URL:http://securitytracker.com/id?1016202 SECUNIA:20376 URL:http://secunia.com/advisories/20376 SECUNIA:20561 URL:http://secunia.com/advisories/20561 SECUNIA:21134 URL:http://secunia.com/advisories/21134 SECUNIA:21183 URL:http://secunia.com/advisories/21183 SECUNIA:21176 URL:http://secunia.com/advisories/21176 SECUNIA:21178 URL:http://secunia.com/advisories/21178 SECUNIA:21188 URL:http://secunia.com/advisories/21188 SECUNIA:21269 URL:http://secunia.com/advisories/21269 SECUNIA:21270 URL:http://secunia.com/advisories/21270 SECUNIA:21336 URL:http://secunia.com/advisories/21336 SECUNIA:21324 URL:http://secunia.com/advisories/21324 SECUNIA:21532 URL:http://secunia.com/advisories/21532 SECUNIA:21631 URL:http://secunia.com/advisories/21631 SECUNIA:22066 URL:http://secunia.com/advisories/22066 XF:mozilla-firefox-textbox-file-access(26851) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26851
Assigning CNA
N/A
Date Entry Created
20060602	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060602)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.