Mozilla Firefox File Download Truncation Extension Spoofing

2004-02-15T05:17:09
ID OSVDB:11591
Type osvdb
Reporter Gabriel Cabillón, Wolfgang Schwarz
Modified 2004-02-15T05:17:09

Description

Vulnerability Description

Firefox contains a flaw that may allow a malicious user to spoof file extensions in the file download dialog. The issue is due to the truncation of long filenames. The flaw may allow an attacker to spoof the file extension, resulting in a loss of integrity.

Solution Description

Upgrade to version 1.0 Preview Release or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.mozilla.org/
Vendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=234416
Secunia Advisory ID: 13144
Secunia Advisory ID: 13724
Related OSVDB ID: 11590
Related OSVDB ID: 11592
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200501-03.xml
CVE-2004-2227