NVD Vulnerability Detail

CVE-2006-1736

Summary	Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename.
Summary	Fixed in: Firefox 1.5 Firefox 1.0.8 SeaMonkey 1.0 Mozilla Suite 1.7.13
Publication Date	April 14, 2006, 7:02 p.m.
Registration Date	Jan. 29, 2021, 3:35 p.m.
Last Update	Oct. 19, 2018, 1:35 a.m.

CVSS2.0 : LOW
Score	2.6
Vector	AV:N/AC:H/Au:N/C:N/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	高
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox:1.0:::::::*
cpe:2.3:a:mozilla:firefox:1.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.0.6:::::::*
cpe:2.3:a:mozilla:firefox::::::::		1.0.7
cpe:2.3:a:mozilla:firefox:1.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5:beta1::::::
cpe:2.3:a:mozilla:firefox:1.5:beta2::::::
cpe:2.3:a:mozilla:mozilla_suite:1.7.6:::::::*
cpe:2.3:a:mozilla:mozilla_suite:1.7.7:::::::*
cpe:2.3:a:mozilla:mozilla_suite:1.7.8:::::::*
cpe:2.3:a:mozilla:mozilla_suite:1.7.10:::::::*
cpe:2.3:a:mozilla:mozilla_suite:1.7.11:::::::*
cpe:2.3:a:mozilla:mozilla_suite::::::::		1.7.12
cpe:2.3:a:mozilla:seamonkey:1.0::alpha:::::
cpe:2.3:a:mozilla:seamonkey::beta::::::*		1.0
cpe:2.3:a:mozilla:thunderbird:1.0:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.5:beta::::::
cpe:2.3:a:mozilla:thunderbird:1.0.6:::::::*
cpe:2.3:a:mozilla:thunderbird::::::::		1.0.7
cpe:2.3:a:mozilla:thunderbird:1.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:beta2::::::

Related information, measures and tools

No	URL	refsource
1	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt	SCO
2	http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html	SUSE
3	http://secunia.com/advisories/19631	SECUNIA
4	http://secunia.com/advisories/19721	SECUNIA
5	http://secunia.com/advisories/19746	SECUNIA
6	http://secunia.com/advisories/19759	SECUNIA
7	http://secunia.com/advisories/19794	SECUNIA
8	http://secunia.com/advisories/19852	SECUNIA
9	http://secunia.com/advisories/19862	SECUNIA
10	http://secunia.com/advisories/19863	SECUNIA
11	http://secunia.com/advisories/19902	SECUNIA
12	http://secunia.com/advisories/19941	SECUNIA
13	http://secunia.com/advisories/21033	SECUNIA
14	http://secunia.com/advisories/21622	SECUNIA
15	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1	SUNALERT
16	http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1	SUNALERT
17	http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm	CONFIRM
18	http://www.debian.org/security/2006/dsa-1044	DEBIAN
19	http://www.debian.org/security/2006/dsa-1046	DEBIAN
20	http://www.debian.org/security/2006/dsa-1051	DEBIAN
21	http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml	GENTOO
22	http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml	GENTOO
23	http://www.mandriva.com/security/advisories?name=MDKSA-2006:075	MANDRIVA
24	http://www.mandriva.com/security/advisories?name=MDKSA-2006:076	MANDRIVA
25	http://www.mozilla.org/security/announce/2006/mfsa2006-13.html	CONFIRM
26	http://www.securityfocus.com/archive/1/438730/100/0/threaded	HP
27	http://www.securityfocus.com/bid/17516	BID
28	http://www.vupen.com/english/advisories/2006/1356	VUPEN
29	https://bugzilla.mozilla.org/show_bug.cgi?id=293527	MISC
30	https://exchange.xforce.ibmcloud.com/vulnerabilities/25814	XF
31	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1548	OVAL
32	https://usn.ubuntu.com/271-1/	UBUNTU
33	https://usn.ubuntu.com/275-1/	UBUNTU

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox:1.0:::::::*
cpe:2.3:a:mozilla:firefox:1.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.0.6:::::::*
cpe:2.3:a:mozilla:firefox::::::::		1.0.7
cpe:2.3:a:mozilla:firefox:1.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5:beta1::::::
cpe:2.3:a:mozilla:firefox:1.5:beta2::::::
cpe:2.3:a:mozilla:mozilla_suite:1.7.6:::::::*
cpe:2.3:a:mozilla:mozilla_suite:1.7.7:::::::*
cpe:2.3:a:mozilla:mozilla_suite:1.7.8:::::::*
cpe:2.3:a:mozilla:mozilla_suite:1.7.10:::::::*
cpe:2.3:a:mozilla:mozilla_suite:1.7.11:::::::*
cpe:2.3:a:mozilla:mozilla_suite::::::::		1.7.12
cpe:2.3:a:mozilla:seamonkey:1.0::alpha:::::
cpe:2.3:a:mozilla:seamonkey::beta::::::*		1.0
cpe:2.3:a:mozilla:thunderbird:1.0:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.5:beta::::::
cpe:2.3:a:mozilla:thunderbird:1.0.6:::::::*
cpe:2.3:a:mozilla:thunderbird::::::::		1.0.7
cpe:2.3:a:mozilla:thunderbird:1.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:beta2::::::