Home > Vulnerability Database > CVE-2006-1736

Mend.io Vulnerability Database

CVE-2006-1736

Date: April 14, 2006

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename.

Severity Score

3.7

Related Resources (35)

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1548

Url: http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml

Url: http://secunia.com/advisories/19759

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/25814

Url: http://secunia.com/advisories/19631

Url: http://secunia.com/advisories/19852

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-1736

Url: http://www.securityfocus.com/archive/1/438730/100/0/threaded

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:075

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=293527

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:076

Url: http://www.debian.org/security/2006/dsa-1051

Url: http://secunia.com/advisories/21033

Url: http://www.debian.org/security/2006/dsa-1044

Url: http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm

Url: http://www.debian.org/security/2006/dsa-1046

Url: http://secunia.com/advisories/19902

Url: http://secunia.com/advisories/19746

Url: http://secunia.com/advisories/19941

Url: http://secunia.com/advisories/19721

Url: http://secunia.com/advisories/19862

Url: http://secunia.com/advisories/19863

Url: https://usn.ubuntu.com/271-1/

Url: http://secunia.com/advisories/19794

Url: http://secunia.com/advisories/21622

Url: http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml

Url: http://www.mozilla.org/security/announce/2006/mfsa2006-13.html

Url: https://usn.ubuntu.com/275-1/

Url: http://www.securityfocus.com/bid/17516

Url: http://www.vupen.com/english/advisories/2006/1356

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1

Url: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt

Url: http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html

Url: https://www.mend.io/vulnerability-database/CVE-2006-1736

Severity Score

3.7

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	2.6
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2006-1736

Date: April 14, 2006

Severity Score

Related Resources (35)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?