CVE-2006-2782

Published: Jun 2, 2006Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control.

Affected (2)

Products: Mozilla: Firefox, Seamonkey

Mozilla

2 products

Firefox

Seamonkey

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 1.5.0.3
Mozilla Seamonkey	Up to 1.0.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (78)

http://rhn.redhat.com/errata/RHSA-2006-0609.html

Source: cve@mitre.org

http://secunia.com/advisories/20376

Source: cve@mitre.org

http://secunia.com/advisories/20561

Source: cve@mitre.org

http://secunia.com/advisories/21134

Source: cve@mitre.org

http://secunia.com/advisories/21176

Source: cve@mitre.org

http://secunia.com/advisories/21178

Source: cve@mitre.org

http://secunia.com/advisories/21183

Source: cve@mitre.org

http://secunia.com/advisories/21188

Source: cve@mitre.org

http://secunia.com/advisories/21269

Source: cve@mitre.org

http://secunia.com/advisories/21270

Source: cve@mitre.org

http://secunia.com/advisories/21324

Source: cve@mitre.org

http://secunia.com/advisories/21336

Source: cve@mitre.org

http://secunia.com/advisories/21532

Source: cve@mitre.org

http://secunia.com/advisories/21631

Source: cve@mitre.org

http://secunia.com/advisories/22066

Source: cve@mitre.org

http://securitytracker.com/id?1016202

Source: cve@mitre.org

http://www.debian.org/security/2006/dsa-1118

Source: cve@mitre.org

http://www.debian.org/security/2006/dsa-1120

Source: cve@mitre.org

http://www.debian.org/security/2006/dsa-1134

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2006:143

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2006:145

Source: cve@mitre.org

http://www.mozilla.org/security/announce/2006/mfsa2006-41.html

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2006_35_mozilla.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2006-0578.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2006-0594.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2006-0610.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2006-0611.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/435795/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/446658/100/200/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/18228

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/2106

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/3748

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/0083

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/26851

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10429

Source: cve@mitre.org

https://usn.ubuntu.com/296-1/

Source: cve@mitre.org

https://usn.ubuntu.com/296-2/

Source: cve@mitre.org

https://usn.ubuntu.com/323-1/

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2006-0609.html