CVE-2006-2894

Summary

CVE	CVE-2006-2894
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2006-06-07 10:02:00 UTC
Updated	2018-10-18 16:43:00 UTC
Description	Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.

Risk And Classification

Problem Types: CWE-20

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Mozilla	Firefox	1.5.0.4	All	All	All
Application	Mozilla	Firefox	1.5.0.4	All	All	All
Application	Mozilla	Firefox	All	All	All	All
Application	Mozilla	Mozilla Suite	1.7.13	All	All	All
Application	Mozilla	Mozilla Suite	1.7.13	All	All	All
Application	Mozilla	Seamonkey	1.0.2	All	All	All
Application	Mozilla	Seamonkey	1.0.2	All	All	All
Application	Mozilla	Seamonkey	All	All	All	All
Application	Netscape	Navigator	All	All	All	All

References

Reference	Source	Link	Tags
SecurityFocus	BUGTRAQ	www.securityfocus.com
20070212 Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)	BUGTRAQ	archives.neohapsis.com
Webmail \| OVH- OVH	VUPEN	www.vupen.com	Vendor Advisory
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Vendor Advisory
290478 – malicious webpage can filter keyboard strokes and specify a file for uploading from client	MISC	bugzilla.mozilla.org
20070211 Firefox focus stealing vulnerability (possibly other browsers)	BUGTRAQ	archives.neohapsis.com
Bug 370092 – Focus change between onKeyDown and onKeyPress, allowing to read arbitary files using <input type=file> (Zalewski Firefox focus stealing vulnerability)	CONFIRM	bugzilla.mozilla.org
GNUCITIZEN » Browser Focus RIP	MISC	www.gnucitizen.org
Security update for Mozilla Firefox	CONFIRM	support.novell.com
SecurityFocus	BUGTRAQ	www.securityfocus.com
wrong number (404)	MISC	lcamtuf.coredump.cx
Multiple Vendor Web Browser JavaScript Key Filtering Vulnerability	BID	www.securityfocus.com
56236 – possible to selectively allow chars into file upload control by disabling control onkeydown	MISC	bugzilla.mozilla.org
USN-535-1: Firefox vulnerabilities \| Ubuntu security notices	UBUNTU	usn.ubuntu.com
Advisories \| Mandriva	MANDRIVA	www.mandriva.com
SecurityReason - file upload widgets in IE and Firefox have issues	SREASON	securityreason.com
[SECURITY] Fedora 7 Update: firefox-2.0.0.8-1.fc7	FEDORA	www.redhat.com
Advisories - Mandriva Linux	MANDRIVA	www.mandriva.com
Mozilla SeaMonkey File Upload Form Keystroke Event Cancel Vulnerability - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Vendor Advisory
[Full-disclosure] file upload widgets in IE and Firefox have issues	FULLDISC	lists.grok.org.uk	Exploit
issues.rpath.com/browse/RPL-1858	CONFIRM	issues.rpath.com
Webmail \| OVH- OVH	VUPEN	www.vupen.com	Vendor Advisory
Firefox focus bug ([email protected])	MISC	www.thanhngan.org
Mandriva update for mozilla-firefox - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
HPSBUX02153 SSRT061181 rev.7 - HP-UX Running Firefox, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) - c00771742 - HP Business Support Center	HP	h20000.www2.hp.com
Netscape File Upload Form Keystroke Event Cancel Vulnerability - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Fedora update for firefox - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Firefox File Upload Form Keystroke Event Cancel Vulnerability - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
SecurityTracker.com Archives - Mozilla Firefox May Disclose Files or Information to Remote Users	SECTRACK	securitytracker.com
MFSA 2007-32: File input focus stealing vulnerability	CONFIRM	www.mozilla.org
rPath update for firefox and thunderbird - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Security Announcement	SUSE	www.novell.com
Webmail \| OVH- OVH	VUPEN	www.vupen.com	Vendor Advisory
USN-536-1: Thunderbird vulnerabilities \| Ubuntu	UBUNTU	www.ubuntu.com
SUSE update for Mozilla Firefox - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
[Full-disclosure] Firefox focus stealing vulnerability (possibly other b	FULLDISC	lists.virus.org
Advisories - Mandriva Linux	MANDRIVA	www.mandriva.com
Mozilla Suite File Upload Form Keystroke Event Cancel Vulnerability - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Ubuntu update for mozilla-thunderbird - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Ubuntu update for firefox - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Webmail \| OVH- OVH	VUPEN	www.vupen.com	Vendor Advisory
#201516: Multiple Security Vulnerabilities in Firefox and Thunderbird for Solaris 10 May Allow Execution of Arbitrary Code and Access to Unauthorized Data	SUNALERT	sunsolve.sun.com
SUSE update for MozillaFirefox, mozilla, and seamonkey - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
SecurityFocus	BUGTRAQ	www.securityfocus.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.