4.3
CVE-2006-1729
- EPSS 1.82%
- Published 14.04.2006 10:02:00
- Last modified 03.04.2025 01:03:51
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.
Data is provided by the National Vulnerability Database (NVD)
Mozilla ≫ Mozilla Suite Version < 1.7.13
Canonical ≫ Ubuntu Linux Version4.10
Canonical ≫ Ubuntu Linux Version5.04
Canonical ≫ Ubuntu Linux Version5.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 1.82% | 0.821 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.