Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.1
CVE Id CVE-2005-0230
Last Modified 07 Mar 2011 09:19:42
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-0230

Summary

Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging."

Vulnerable Systems

Application

  • Mozilla Firefox 1.0


References

CONFIRM - http://www.mozilla.org/security/announce/mfsa2005-25.html

GENTOO - GLSA-200503-30

GENTOO - GLSA-200503-10

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=279945

BID - 12468

SUSE - SUSE-SA:2006:004

MISC - http://www.mikx.de/firedragging/

BUGTRAQ - 20050207 Firedragging [Firefox 1.0]

SECUNIA - 19823

SUSE - SUSE-SA:2006:022


Last Updated: 27 May 2016 10:39:19