JVN/CVE Demo: Nvdinfos

NVD

Id: 61579
Name: CVE-2006-2894
Description: Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
Reject
CVSS Version: 2
CVSS Score: 4
Severity: Medium
CVSS Base Score: 4
CVSS Impact Subscore: 4.9
CVSS Exploit Subscore: 4.9
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
Pub Date: 2016-12-20
Published: 2006-06-07
Modified Date: 2013-07-03
Seq: 2006-2894

Actions

Related NVD References

Id	NVD Id	NVD No.	Reference	Actions
318519	61579	CVE-2006-2894	20070211 Firefox focus stealing vulnerability (possibly other browsers)	View
318520	61579	CVE-2006-2894	20070212 Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)	View
318521	61579	CVE-2006-2894	SSRT061181	View
318522	61579	CVE-2006-2894	http://lcamtuf.coredump.cx/focusbug/	View
318523	61579	CVE-2006-2894	20060605 file upload widgets in IE and Firefox have issues	View
318524	61579	CVE-2006-2894	20070211 Firefox focus stealing vulnerability (possibly other browsers)	View
318525	61579	CVE-2006-2894	1059	View
318526	61579	CVE-2006-2894	1018837	View
318527	61579	CVE-2006-2894	201516	View
318528	61579	CVE-2006-2894	http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html	View
318529	61579	CVE-2006-2894	http://www.gnucitizen.org/blog/browser-focus-rip	View
318530	61579	CVE-2006-2894	MDKSA-2007:202	View
318531	61579	CVE-2006-2894	MDKSA-2006:143	View
318532	61579	CVE-2006-2894	MDKSA-2006:145	View
318533	61579	CVE-2006-2894	http://www.mozilla.org/security/announce/2007/mfsa2007-32.html	View
318534	61579	CVE-2006-2894	SUSE-SA:2007:057	View
318535	61579	CVE-2006-2894	20071026 rPSA-2007-0225-1 firefox	View
318536	61579	CVE-2006-2894	20071029 FLEA-2007-0062-1 firefox	View
318537	61579	CVE-2006-2894	20071029 rPSA-2007-0225-2 firefox thunderbird	View
318538	61579	CVE-2006-2894	18308	View
318539	61579	CVE-2006-2894	http://www.thanhngan.org/fflinuxversion.html	View
318540	61579	CVE-2006-2894	USN-536-1	View
318541	61579	CVE-2006-2894	USN-535-1	View
318542	61579	CVE-2006-2894	ADV-2006-2160	View
318543	61579	CVE-2006-2894	ADV-2006-2162	View
318544	61579	CVE-2006-2894	ADV-2006-2163	View
318545	61579	CVE-2006-2894	ADV-2006-2164	View
318546	61579	CVE-2006-2894	ADV-2007-3544	View
318547	61579	CVE-2006-2894	ADV-2008-0083	View
318548	61579	CVE-2006-2894	https://bugzilla.mozilla.org/show_bug.cgi?id=290478	View
318549	61579	CVE-2006-2894	https://bugzilla.mozilla.org/show_bug.cgi?id=370092	View
318550	61579	CVE-2006-2894	https://bugzilla.mozilla.org/show_bug.cgi?id=56236	View
318551	61579	CVE-2006-2894	https://issues.rpath.com/browse/RPL-1858	View
318552	61579	CVE-2006-2894	FEDORA-2007-2664	View

Related JVN

Id	Name	Title	Summary	Cveinfo Name	Cveinfo Id	Nvdinfo Name	Nvdinfo Id	Cvssv2	Cvssv3	Jvnurl	Published Date	Last Updated Date	Actions
58712	JVNDB-2006-000978	Mozilla Firefox/SeaMonkey のフォーカス処理における情報漏えいの脆弱性	Mozilla Firefox および SeaMonkey において、OnKeyDown, OnKeyPress, and OnKeyUp イベントのフォーカス処理に不備があり、キーストロークをコピーされる情報漏えいの脆弱性が存在します。	CVE-2006-2894	18996	CVE-2006-2894	61579	4		http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-000978.html	2006-06-07	2008-01-23	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.32 MB
View render complete	21.58 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	3.67
Event: Controller.initialize	0.02
Event: Controller.startup	0.07
Controller action	272.51
Event: Controller.beforeRender	4.26
» Processing toolbar data	4.17
Rendering View	917.99
» Event: View.beforeRender	0.02
» Rendering APP/View/Nvdinfos/view.ctp	855.93
» Event: View.afterRender	0.04
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	31.48
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	5.95
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/rvm/gems/ruby-3.0.2/bin:/usr/local/rvm/gems/ruby-3.0.2@global/bin:/usr/local/rvm/rubies/ruby-3.0.2/bin:/usr/share/Modules/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/usr/local/rvm/bin:/var/lib/snapd/snap/bin:/root/bin:/sbin:/usr/local/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/nvdinfos/view/61579
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/nvdinfos/view/61579
Remote Port	5137
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.9
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Ld Library Path	/usr/local/apache24/lib
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.3.106.90
Http Via	1.1 squid-proxy-75b5465b89-hxwhd (squid/6.10)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	216.73.216.9
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.9
Unique Id	aC-B-4p3jFRIAbC6WXDC9QAAAZI
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	216.73.216.9
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.9
Redirect Unique Id	aC-B-4p3jFRIAbC6WXDC9QAAAZI
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	216.73.216.9
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.9
Redirect Redirect Unique Id	aC-B-4p3jFRIAbC6WXDC9QAAAZI
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1747943931.4646
Request Time	1747943931

NVD

Actions

Related NVD References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files