File Upload Vulnerability in Mozilla Firefox and Related Products
CVE-2006-2894

Currently unrated

Key Information:

Vendor

Mozilla
Status
Seamonkey
Mozilla Suite
Firefox
Navigator
Vendor
CVE Published:
7 June 2006

What is CVE-2006-2894?

A vulnerability in multiple versions of Mozilla Firefox and related products allows user-assisted remote attackers to read arbitrary files. By deceiving a user into inputting the characters of a target filename in a text box, malicious actors exploit JavaScript keystroke events such as OnKeyDown, OnKeyPress, and OnKeyUp to manipulate focus. This may lead to those characters being inserted into a file upload control. Consequently, a user inadvertently uploads sensitive files upon form submission, thereby compromising user data security.

References

http://www.securityfocus.com/archive/1/482876/100/200/thr...
mailing-listx_refsource_BUGTRAQ
http://www.mandriva.com/security/advisories?name=MDKSA-20...
vendor-advisoryx_refsource_MANDRIVA
http://lcamtuf.coredump.cx/focusbug/
x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2006-2894 : File Upload Vulnerability in Mozilla Firefox and Related Products