ID CVE-2006-1736
Summary Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename. Fixed in: Firefox 1.5 Firefox 1.0.8 SeaMonkey 1.0 Mozilla Suite 1.7.13
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla_suite:1.7.11:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla_suite:1.7.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla_suite:-:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla_suite:-:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla_suite:1.7.12:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla_suite:1.7.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7:-:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7:-:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7:rc:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7:rc:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0:rc:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0:rc:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 18-10-2018 - 16:35)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:N/I:P/A:N
oval via4
accepted 2007-05-09T16:10:54.838-04:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Jonathan Baker
    organization The MITRE Corporation
description Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename.
family windows
id oval:org.mitre.oval:def:1548
status accepted
submitted 2006-05-07T09:05:00.000-04:00
title Mozilla Downloading Executables with "Save Image As..."
version 4
refmap via4
bid 17516
confirm
debian
  • DSA-1044
  • DSA-1046
  • DSA-1051
gentoo
  • GLSA-200604-12
  • GLSA-200604-18
hp
  • HPSBUX02122
  • SSRT061158
mandriva
  • MDKSA-2006:075
  • MDKSA-2006:076
misc https://bugzilla.mozilla.org/show_bug.cgi?id=293527
sco SCOSA-2006.26
secunia
  • 19631
  • 19721
  • 19746
  • 19759
  • 19794
  • 19852
  • 19862
  • 19863
  • 19902
  • 19941
  • 21033
  • 21622
sunalert
  • 102550
  • 228526
suse SUSE-SA:2006:021
ubuntu
  • USN-271-1
  • USN-275-1
vupen ADV-2006-1356
xf mozilla-saveimageas-ext-spoofing(25814)
Last major update 18-10-2018 - 16:35
Published 14-04-2006 - 10:02
Back to Top