CVE-2006-1736

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions 1.x before 1.5 Mozilla Firefox versions 1.0.x before 1.0.8 Mozilla Suite versions prior to 1.7.13 SeaMonkey versions prior to 1.0

Description: The issue allows remote attackers to trick users into downloading and saving an executable file. This is achieved by using an image that is overlaid by a transparent image link pointing to the executable. When the user clicks the "Save image as..." option, the executable is saved. The attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename.

Recommendations: For Mozilla Firefox versions 1.x before 1.5, update to version 1.5 or later. For Mozilla Firefox versions 1.0.x before 1.0.8, update to version 1.0.8 or later. For Mozilla Suite versions prior to 1.7.13, update to version 1.7.13 or later. For SeaMonkey versions prior to 1.0, update to version 1.0 or later.