Vulnerability Description
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allow remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier by a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 1.0.7 |
| Mozilla | Mozilla Suite | <= 1.7.12 |
| Mozilla | SeaMonkey | <= 1.0 |
| Mozilla | Thunderbird | <= 1.0.7 |
References
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
- http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
- http://secunia.com/advisories/19631
- http://secunia.com/advisories/19721
- http://secunia.com/advisories/19746
- http://secunia.com/advisories/19759
- http://secunia.com/advisories/19794
- http://secunia.com/advisories/19852
- http://secunia.com/advisories/19862
- http://secunia.com/advisories/19863
- http://secunia.com/advisories/19902
- http://secunia.com/advisories/19941
- http://secunia.com/advisories/21033
- http://secunia.com/advisories/21622
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
FAQ
What is CVE-2006-1736?
CVE-2006-1736 is a vulnerability with a CVSS score of 2.6 (LOW). Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allow remote attackers to trick users into downloading and saving an executable file via a...
How severe is CVE-2006-1736?
CVE-2006-1736 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-1736?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Suite, Mozilla SeaMonkey, Mozilla Thunderbird.