RedhatCVELIST:CVE-2006-1736CVE-2006-1736
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the “Save image as…” option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename.
References
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
secunia.com/advisories/19631
secunia.com/advisories/19721
secunia.com/advisories/19746
secunia.com/advisories/19759
secunia.com/advisories/19794
secunia.com/advisories/19852
secunia.com/advisories/19862
secunia.com/advisories/19863
secunia.com/advisories/19902
secunia.com/advisories/19941
secunia.com/advisories/21033
secunia.com/advisories/21622
sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
support.avaya.com/elmodocs2/security/ASA-2006-205.htm
www.debian.org/security/2006/dsa-1044
www.debian.org/security/2006/dsa-1046
www.debian.org/security/2006/dsa-1051
www.gentoo.org/security/en/glsa/glsa-200604-12.xml
www.gentoo.org/security/en/glsa/glsa-200604-18.xml
www.mandriva.com/security/advisories?name=MDKSA-2006:075
www.mandriva.com/security/advisories?name=MDKSA-2006:076
www.mozilla.org/security/announce/2006/mfsa2006-13.html
www.securityfocus.com/archive/1/438730/100/0/threaded
www.securityfocus.com/bid/17516
www.vupen.com/english/advisories/2006/1356
bugzilla.mozilla.org/show_bug.cgi?id=293527
exchange.xforce.ibmcloud.com/vulnerabilities/25814
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1548
usn.ubuntu.com/271-1/
usn.ubuntu.com/275-1/
Related
