Bug 188839 – CVE-2006-1729 File stealing by changing input type

Bug 188839 - CVE-2006-1729 File stealing by changing input type

Summary:	CVE-2006-1729 File stealing by changing input type

Status:	CLOSED ERRATA

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	firefox (Show other bugs)
Sub Component:
Version:	5
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Christopher Aillon
QA Contact:
Docs Contact:

URL:
Whiteboard:	reported=20060412,source=mozilla,emba...
Keywords:	Security

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2006-04-12 23:34 EDT by Josh Bressers
Modified:	2007-11-30 17:11 EST (History)
CC List:	3 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2006-04-27 08:53:55 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Josh Bressers 2006-04-12 23:34:49 EDT

File stealing by changing input type


Claus JÃ¸rgensen reports that a text input box can be pre-filled with a
filename  and then turned into a file-upload control with the contents
intact, allowing a malicious website the ability to steal any local file
whose name they can guess.

Jesse Ruderman reports a variation, changing the type of the input control
in an event handler to work around some of the initial checks.

Workaround

Upgrade to fixed version.

References

[1]https://bugzilla.mozilla.org/show_bug.cgi?id=325947
[2]https://bugzilla.mozilla.org/show_bug.cgi?id=328566


This issue also affects FC4

Comment 1 Josh Bressers 2006-04-27 08:53:55 EDT

These issues have been resolved in FEDORA-2006-411 for FC5 and FEDORA-2006-410
for FC4

Note You need to log in before you can comment on or make changes to this bug.