Launchpad.net

CVE 2006-1736

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mozilla.org...
MISC: https://bugzilla.mozil...
BID: 17516
SECUNIA: 19631
DEBIAN: DSA-1044
GENTOO: GLSA-200604-12
SECUNIA: 19759
SECUNIA: 19794
DEBIAN: DSA-1046
GENTOO: GLSA-200604-18
SECUNIA: 19852
SECUNIA: 19862
SECUNIA: 19863
SECUNIA: 19902
DEBIAN: DSA-1051
SECUNIA: 19941
SUSE: SUSE-SA:2006:021
SECUNIA: 19721
SECUNIA: 19746
SCO: SCOSA-2006.26
SECUNIA: 21033
SUNALERT: 102550
SECUNIA: 21622
CONFIRM: http://support.avaya.c...
MANDRIVA: MDKSA-2006:075
MANDRIVA: MDKSA-2006:076
SUNALERT: 228526
VUPEN: ADV-2006-1356
XF: mozilla-saveimageas-ex...
OVAL: oval:org.mitre.oval:de...
UBUNTU: USN-275-1
UBUNTU: USN-271-1
HP: HPSBUX02122
HP: SSRT061158

Launchpad.net

CVE 2006-1736

Related bugs

References