CVE-2006-2894

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-2894. PoCs published by Jesse Ruderman.

AI-analyzed exploit summary This exploit demonstrates a JavaScript key-filtering vulnerability in multiple web browsers, allowing attackers to divert keystrokes from a visible input form to a hidden file-upload dialog. It requires user interaction to manually type a file path, potentially leading to unintended file uploads.

Description

Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Jesse Ruderman · htmlremotewindows

https://www.exploit-db.com/exploits/27986

View Code ZIP pw:eip

This exploit demonstrates a JavaScript key-filtering vulnerability in multiple web browsers, allowing attackers to divert keystrokes from a visible input form to a hidden file-upload dialog. It requires user interaction to manually type a file path, potentially leading to unintended file uploads.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: Mozilla Suite, Mozilla Firefox, Mozilla SeaMonkey, Netscape Navigator, Microsoft Internet Explorer (versions from 2006)

No auth needed

Prerequisites: User interaction to type specific file paths · Victim must visit a malicious webpage

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Jesse Ruderman · htmlremotelinux

https://www.exploit-db.com/exploits/27987

View Code ZIP pw:eip

This exploit demonstrates a JavaScript key-filtering vulnerability in multiple web browsers, allowing attackers to divert keystrokes from a visible input form to a hidden file-upload dialog. It requires user interaction to manually type a file path, potentially leading to unintended file uploads.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: Mozilla Suite, Mozilla Firefox, Mozilla SeaMonkey, Netscape Navigator, Microsoft Internet Explorer

No auth needed

Prerequisites: User interaction to type specific keystrokes · Victim must visit a malicious webpage

MITRE ATT&CK

T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (45)

Core 45

Core References

Various Sources x_refsource_misc

http://lcamtuf.coredump.cx/focusbug/

Issue Tracking x_refsource_confirm

https://issues.rpath.com/browse/RPL-1858

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/482876/100/200/threaded

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2006:145

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27414

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/482925/100/0/threaded

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/2163

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2007-02/0166.html

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/1059

Vendor Advisory vendor-advisory x_refsource_hp

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27298

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1018837

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/3544

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20470

Vendor Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/535-1/

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20472

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20467

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/2160

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27383

Vendor Advisory vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2007_57_mozilla.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21532

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/0083

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27387

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/2164

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/18308

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27403

Issue Tracking x_refsource_misc

https://bugzilla.mozilla.org/show_bug.cgi?id=56236

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2007-02/0187.html

Various Sources mailing-list x_refsource_fulldisc

http://lists.virus.org/full-disclosure-0702/msg00225.html

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/2162

Issue Tracking x_refsource_misc

https://bugzilla.mozilla.org/show_bug.cgi?id=290478

Various Sources x_refsource_confirm

http://www.mozilla.org/security/announce/2007/mfsa2007-32.html

Exploit mailing-list x_refsource_fulldisc

http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html

Various Sources x_refsource_misc

http://www.thanhngan.org/fflinuxversion.html

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27335

Vendor Advisory vendor-advisory x_refsource_fedora

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2006:143

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20442

Various Sources x_refsource_misc

http://www.gnucitizen.org/blog/browser-focus-rip

Vendor Advisory x_refsource_confirm

http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html

Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/482932/100/200/threaded

Issue Tracking x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=370092

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-536-1

Mozilla Firefox <2.0.0.8 - Info Disclosure

Exploitation Summary

Description

Exploits (2)

References (45)

Scores

Details