Lucene search

K

MitreCVELIST:CVE-2005-0230

HistoryFeb 10, 2005 - 5:00 a.m.

CVE-2005-0230

2005-02-1005:00:00

mitre

www.cve.org

6.8 Medium

AI Score

Confidence

High

0.575 Medium

EPSS

Percentile

97.7%

Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka “firedragging.”

References

marc.info/?l=bugtraq&m=110780995232064&w=2

secunia.com/advisories/19823

www.gentoo.org/security/en/glsa/glsa-200503-10.xml

www.gentoo.org/security/en/glsa/glsa-200503-30.xml

www.mikx.de/firedragging/

www.mozilla.org/security/announce/mfsa2005-25.html

www.novell.com/linux/security/advisories/2006_04_25.html

www.securityfocus.com/bid/12468

bugzilla.mozilla.org/show_bug.cgi?id=279945

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100033

6.8 Medium

AI Score

Confidence

High

0.575 Medium

EPSS

Percentile

97.7%

Related for CVELIST:CVE-2005-0230

nvd1 ubuntucve1 checkpoint_advisories1 cve1 nessus4 openvas5 gentoo2 suse2 ubuntu1