Red Hat Bugzilla – Bug 188804
CVE-2006-1729 File stealing by changing input type
Last modified: 2007-11-30 17:11:30 EST
File stealing by changing input type
Claus Jørgensen reports that a text input box can be pre-filled with a
filename and then turned into a file-upload control with the contents
intact, allowing a malicious website the ability to steal any local file
whose name they can guess.
Jesse Ruderman reports a variation, changing the type of the input control
in an event handler to work around some of the initial checks.
Upgrade to fixed version.
This issue also affects FC4.
This bug was fixed for FC4 in Fedora Update FEDORA-2006-488
This bug was fixed for FC5 in Fedora Update FEDORA-2006-487
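
The invariant that both reports above show was missing, as an added JavaScript model (not Mozilla's patch and not code from this bug): a file control's path may only come from the user, and any type change across the file boundary discards the value, whichever code path makes it. `ModelInput` and its methods are hypothetical names constructed for this illustration.

```javascript
// Added illustration: a model of a form control, not browser or Mozilla code.
class ModelInput {
  #type = "text";
  #value = "";
  #handlers = new Map();
  get type() { return this.#type; }
  set type(next) {
    const prev = this.#type;
    this.#type = String(next).toLowerCase();
    // Crossing the file/non-file boundary in either direction drops the value,
    // no matter which code path (inline script or event handler) made the change.
    if ((prev === "file") !== (this.#type === "file")) this.#value = "";
  }
  get value() { return this.#value; }
  set value(v) {
    // Script may clear a file control but never choose its path.
    if (this.#type === "file" && String(v) !== "") {
      throw new Error("file selection must come from the user");
    }
    this.#value = String(v);
  }
  // The only way a file control gains a path: an explicit user choice.
  userPickedFile(path) {
    if (this.#type !== "file") throw new Error("not a file control");
    this.#value = path;
  }
  on(evt, fn) { this.#handlers.set(evt, fn); }
  fire(evt) { const fn = this.#handlers.get(evt); if (fn) fn(); }
  // What form submission would read from disk and upload.
  fileToUpload() { return this.#type === "file" && this.#value ? this.#value : null; }
}

// Sequence from the first report: pre-fill a text box, then change its type.
function prefillThenSwitch(path) {
  const el = new ModelInput();
  el.value = path;
  el.type = "file";
  return el.fileToUpload();
}

// Variation from the second report: the type change happens in an event handler.
function switchInsideHandler(path) {
  const el = new ModelInput();
  el.value = path;
  el.on("focus", () => { el.type = "file"; });
  el.fire("focus");
  return el.fileToUpload();
}
```

Both sequences return `null` in this model, while a path set through `userPickedFile` is still submitted.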