Lucene search

[email protected]CVE-2005-0230

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-0230

2005-05-0204:00:00

[email protected]

web.nvd.nist.gov

firefox 1.0

file dragging

malformed gif

remote execution

cve-2005-0230

nvd

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

High

0.575 Medium

EPSS

Percentile

97.7%

JSON

Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka “firedragging.”

Affected configurations

NVD

Node

mozillafirefoxMatch1.0

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxeq1.0

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	eq	1.0

References

marc.info/?l=bugtraq&m=110780995232064&w=2

secunia.com/advisories/19823

www.gentoo.org/security/en/glsa/glsa-200503-10.xml

www.gentoo.org/security/en/glsa/glsa-200503-30.xml

www.mikx.de/firedragging/

www.mozilla.org/security/announce/mfsa2005-25.html

www.novell.com/linux/security/advisories/2006_04_25.html

www.securityfocus.com/bid/12468

bugzilla.mozilla.org/show_bug.cgi?id=279945

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100033

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

High

0.575 Medium

EPSS

Percentile

97.7%

JSON

Related for CVE-2005-0230

cvelist1 nvd1 ubuntucve1 checkpoint_advisories1 nessus4 gentoo2 openvas5 suse2 ubuntu1