QwikSec

Security Database

CVE

CWE

Training

CVE-2006-2894

Published: Jun 7, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20071026 rPSA-2007-0225-1 firefox

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_MANDRIVA

http://lcamtuf.coredump.cx/focusbug/

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

20071029 FLEA-2007-0062-1 firefox

mailing-list

x_refsource_BUGTRAQ

https://issues.rpath.com/browse/RPL-1858

x_refsource_CONFIRM

vdb-entry

x_refsource_VUPEN

20070211 Firefox focus stealing vulnerability (possibly other browsers)

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SREASON

vendor-advisory

x_refsource_HP

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_UBUNTU

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

SUSE-SA:2007:057

vendor-advisory

x_refsource_SUSE

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_SECUNIA

https://bugzilla.mozilla.org/show_bug.cgi?id=56236

x_refsource_MISC

20070212 Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)

mailing-list

x_refsource_BUGTRAQ

20070211 Firefox focus stealing vulnerability (possibly other browsers)

mailing-list

x_refsource_FULLDISC

vdb-entry

x_refsource_VUPEN

https://bugzilla.mozilla.org/show_bug.cgi?id=290478

x_refsource_MISC

http://www.mozilla.org/security/announce/2007/mfsa2007-32.html

x_refsource_CONFIRM

20060605 file upload widgets in IE and Firefox have issues

mailing-list

x_refsource_FULLDISC

http://www.thanhngan.org/fflinuxversion.html

x_refsource_MISC

vendor-advisory

x_refsource_HP

vendor-advisory

x_refsource_MANDRIVA

third-party-advisory

x_refsource_SECUNIA

FEDORA-2007-2664

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_MANDRIVA

third-party-advisory

x_refsource_SECUNIA

http://www.gnucitizen.org/blog/browser-focus-rip

x_refsource_MISC

http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_SUNALERT

20071029 rPSA-2007-0225-2 firefox thunderbird

mailing-list

x_refsource_BUGTRAQ

https://bugzilla.mozilla.org/show_bug.cgi?id=370092

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.