CVE-2006-1736

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.mozilla.org/security/announce/2006/mfsa2006-13.html
https://bugzilla.mozilla.org/show_bug.cgi?id=293527
http://www.securityfocus.com/bid/17516
http://secunia.com/advisories/19631
http://www.debian.org/security/2006/dsa-1044
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
http://secunia.com/advisories/19759
http://secunia.com/advisories/19794
http://www.debian.org/security/2006/dsa-1046
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
http://secunia.com/advisories/19852
http://secunia.com/advisories/19862
http://secunia.com/advisories/19863
http://secunia.com/advisories/19902
http://www.debian.org/security/2006/dsa-1051
http://secunia.com/advisories/19941
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
http://secunia.com/advisories/19721
http://secunia.com/advisories/19746
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
http://secunia.com/advisories/21033
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
http://secunia.com/advisories/21622
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
http://www.vupen.com/english/advisories/2006/1356
https://exchange.xforce.ibmcloud.com/vulnerabilities/25814
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1548
https://usn.ubuntu.com/275-1/
https://usn.ubuntu.com/271-1/
http://www.securityfocus.com/archive/1/438730/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox:1.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.3:::::::*
	cpe:2.3:a:mozilla:mozilla_suite:1.7.10:::::::*
	cpe:2.3:a:mozilla:mozilla_suite:1.7.11:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.0.2:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.0.3:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.6:::::::*
	cpe:2.3:a:mozilla:firefox:1.5:::::::*
	cpe:2.3:a:mozilla:mozilla_suite:1.7.8:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0::alpha:::::
	cpe:2.3:a:mozilla:firefox:1.5:beta2::::::
	cpe:2.3:a:mozilla:mozilla_suite::::::::
	cpe:2.3:a:mozilla:firefox:1.5:beta1::::::
	cpe:2.3:a:mozilla:firefox:1.0.4:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.0:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.0.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5:beta2::::::
	cpe:2.3:a:mozilla:firefox:1.0:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.0.4:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.0.6:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.0.5:beta::::::
	cpe:2.3:a:mozilla:mozilla_suite:1.7.7:::::::*
	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:mozilla_suite:1.7.6:::::::*
	cpe:2.3:a:mozilla:seamonkey::beta::::::*
	cpe:2.3:a:mozilla:thunderbird::::::::
	cpe:2.3:a:mozilla:thunderbird:1.0.5:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.5:::::::*

Information

Published : 2006-04-14 03:02

Updated : 2018-10-18 09:35

NVD link : CVE-2006-1736

Mitre link : CVE-2006-1736

JSON object : View

CWE

NVD-CWE-Other

Products Affected

mozilla

firefox
thunderbird
seamonkey
mozilla_suite

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-13.html", "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-13.html", "tags": [], "refsource": "CONFIRM"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=293527", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=293527", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/17516", "name": "17516", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/19631", "name": "19631", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2006/dsa-1044", "name": "DSA-1044", "tags": [], "refsource": "DEBIAN"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml", "name": "GLSA-200604-12", "tags": [], "refsource": "GENTOO"}, {"url": "http://secunia.com/advisories/19759", "name": "19759", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/19794", "name": "19794", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2006/dsa-1046", "name": "DSA-1046", "tags": [], "refsource": "DEBIAN"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml", "name": "GLSA-200604-18", "tags": [], "refsource": "GENTOO"}, {"url": "http://secunia.com/advisories/19852", "name": "19852", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/19862", "name": "19862", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/19863", "name": "19863", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/19902", "name": "19902", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2006/dsa-1051", "name": "DSA-1051", "tags": [], "refsource": "DEBIAN"}, {"url": "http://secunia.com/advisories/19941", "name": "19941", "tags": [], "refsource": "SECUNIA"}, {"url": "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html", "name": "SUSE-SA:2006:021", "tags": [], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/19721", "name": "19721", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/19746", "name": "19746", "tags": [], "refsource": "SECUNIA"}, {"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt", "name": "SCOSA-2006.26", "tags": [], "refsource": "SCO"}, {"url": "http://secunia.com/advisories/21033", "name": "21033", "tags": [], "refsource": "SECUNIA"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1", "name": "102550", "tags": [], "refsource": "SUNALERT"}, {"url": "http://secunia.com/advisories/21622", "name": "21622", "tags": [], "refsource": "SECUNIA"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:075", "name": "MDKSA-2006:075", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076", "name": "MDKSA-2006:076", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1", "name": "228526", "tags": [], "refsource": "SUNALERT"}, {"url": "http://www.vupen.com/english/advisories/2006/1356", "name": "ADV-2006-1356", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25814", "name": "mozilla-saveimageas-ext-spoofing(25814)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1548", "name": "oval:org.mitre.oval:def:1548", "tags": [], "refsource": "OVAL"}, {"url": "https://usn.ubuntu.com/275-1/", "name": "USN-275-1", "tags": [], "refsource": "UBUNTU"}, {"url": "https://usn.ubuntu.com/271-1/", "name": "USN-271-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded", "name": "HPSBUX02122", "tags": [], "refsource": "HP"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the \"Save image as...\" option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-1736", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2006-04-14T10:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla_suite:1.7.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla_suite:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.7.12"}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.0.7"}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:*:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.0"}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.0.7"}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:35Z"}

2.6 /10