Red Hat Bugzilla – Bug 188839
CVE-2006-1729 File stealing by changing input type
Last modified: 2007-11-30 17:11:30 EST
File stealing by changing input type
Claus Jørgensen reports that a text input box can be pre-filled with a
filename and then turned into a file-upload control with the contents
intact, allowing a malicious website the ability to steal any local file
whose name they can guess.
Jesse Ruderman reports a variation, changing the type of the input control
in an event handler to work around some of the initial checks.
Upgrade to fixed version.
This issue also affects FC4.
These issues have been resolved in FEDORA-2006-411 for FC5 and FEDORA-2006-410