CVE-2006-2894

Exp

Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.

Published: 2006-06-07 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2006-2894 is rated High Exploit Risk (63/100): CVSS Medium severity, with high exploitation likelihood (EPSS 6.91%, 91th percentile). 3 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2006-2894

EDB-ID Source Kind Published Link
27986 exploit_db edb 2006-06-06 Exploit-DB ↗
27987 exploit_db edb 2006-06-06 Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2006-2894

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-05-10 6.73% 6.91% +0.17%
2 2025-03-30 12.37% 6.73% -5.63%
3 2025-03-29 12.37%

Full EPSS history (16 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2006-2894

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
4.0 2.0 MEDIUM
AV:N/AC:H/Au:N/C:P/I:P/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:H)
Exploitation requires uncommon or highly specific conditions.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:N)
No availability impact.
 4.9 4.9 [email protected]

Weakness enumeration for CVE-2006-2894

OS Trackers for CVE-2006-2894

vendor priority summary link
ubuntu low CVE-2006-2894 low priority: Ubuntu including 3 source packages (firefox, mozilla-thunderbird, thunderbird), 10 status rows across 5 suites (dapper, edgy, feisty, gutsy, upstream): released 9, needs-triage 1. https://ubuntu.com/security/CVE-2006-2894

Affected software / configurations for CVE-2006-2894

Vendor Product Version Raw CPE
mozilla firefox <= 2.0.0.8 cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozilla firefox 1.5.0.4 cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
mozilla mozilla_suite 1.7.13 cpe:2.3:a:mozilla:mozilla_suite:1.7.13:*:*:*:*:*:*:*
mozilla seamonkey <= 1.1.4 cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
mozilla seamonkey 1.0.2 cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
netscape navigator <= 8.1 cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*

References for CVE-2006-2894

URL Tags
http://archives.neohapsis.com/archives/bugtraq/2007-02/0166.html
http://archives.neohapsis.com/archives/bugtraq/2007-02/0187.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://lcamtuf.coredump.cx/focusbug/
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html Exploit
http://lists.virus.org/full-disclosure-0702/msg00225.html
http://secunia.com/advisories/20442 Vendor Advisory
http://secunia.com/advisories/20467 Vendor Advisory
http://secunia.com/advisories/20470 Vendor Advisory
http://secunia.com/advisories/20472 Vendor Advisory
http://secunia.com/advisories/21532 Vendor Advisory
http://secunia.com/advisories/27298 Vendor Advisory
http://secunia.com/advisories/27335 Vendor Advisory
http://secunia.com/advisories/27383 Vendor Advisory
http://secunia.com/advisories/27387 Vendor Advisory
http://secunia.com/advisories/27403 Vendor Advisory
http://secunia.com/advisories/27414 Vendor Advisory
http://securityreason.com/securityalert/1059
http://securitytracker.com/id?1018837
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
http://www.gnucitizen.org/blog/browser-focus-rip
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
http://www.mozilla.org/security/announce/2007/mfsa2007-32.html
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
http://www.securityfocus.com/archive/1/482876/100/200/threaded
http://www.securityfocus.com/archive/1/482925/100/0/threaded
http://www.securityfocus.com/archive/1/482932/100/200/threaded
http://www.securityfocus.com/bid/18308
http://www.thanhngan.org/fflinuxversion.html
http://www.ubuntu.com/usn/usn-536-1
http://www.vupen.com/english/advisories/2006/2160 Vendor Advisory
http://www.vupen.com/english/advisories/2006/2162 Vendor Advisory
http://www.vupen.com/english/advisories/2006/2163 Vendor Advisory
http://www.vupen.com/english/advisories/2006/2164 Vendor Advisory
http://www.vupen.com/english/advisories/2007/3544 Vendor Advisory
http://www.vupen.com/english/advisories/2008/0083 Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=290478
https://bugzilla.mozilla.org/show_bug.cgi?id=370092
https://bugzilla.mozilla.org/show_bug.cgi?id=56236
https://issues.rpath.com/browse/RPL-1858
https://usn.ubuntu.com/535-1/
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html
cvelogic Threat Intelligence