CVE-2006-2894

Mozilla Firefox 1.x - JavaScript Key Filtering

Severity Score: 8.1 (CVSS v3)
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits: 3 (Multiple Sources)
Exploited in Wild (KEV): -
Decision (SSVC): -

Descriptions

Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.

*Credits: N/A
CVSS Scores
CVSS v3
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: None
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: High
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2006-06-06 First Exploit
  • 2006-06-07 CVE Reserved
  • 2006-06-07 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (47)
URL Date SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 2018-10-18
http://secunia.com/advisories/20442 2018-10-18
http://secunia.com/advisories/20467 2018-10-18
http://secunia.com/advisories/20470 2018-10-18
http://secunia.com/advisories/20472 2018-10-18
http://secunia.com/advisories/21532 2018-10-18
http://secunia.com/advisories/27298 2018-10-18
http://secunia.com/advisories/27335 2018-10-18
http://secunia.com/advisories/27383 2018-10-18
http://secunia.com/advisories/27387 2018-10-18
http://secunia.com/advisories/27403 2018-10-18
http://secunia.com/advisories/27414 2018-10-18
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1 2018-10-18
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202 2018-10-18
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 2018-10-18
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 2018-10-18
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html 2018-10-18
http://www.ubuntu.com/usn/usn-536-1 2018-10-18
http://www.vupen.com/english/advisories/2006/2160 2018-10-18
http://www.vupen.com/english/advisories/2006/2162 2018-10-18
http://www.vupen.com/english/advisories/2006/2163 2018-10-18
http://www.vupen.com/english/advisories/2006/2164 2018-10-18
http://www.vupen.com/english/advisories/2007/3544 2018-10-18
http://www.vupen.com/english/advisories/2008/0083 2018-10-18
https://usn.ubuntu.com/535-1 2018-10-18
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html 2018-10-18
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Mozilla | Firefox | <= 2.0.0.8 | - | Affected
Mozilla | Firefox | 1.5.0.4 | - | Affected
Mozilla | Mozilla Suite | 1.7.13 | - | Affected
Mozilla | Seamonkey | <= 1.1.4 | - | Affected
Mozilla | Seamonkey | 1.0.2 | - | Affected
Netscape | Navigator | <= 8.1 | - | Affected