Mozilla Foundation Security Advisory 2007-22

2007-07-19T00:00:00
ID SECURITYVULNS:DOC:17524
Type securityvulns
Reporter Securityvulns
Modified 2007-07-19T00:00:00

Description

Title: File type confusion due to %00 in name
Impact: Low
Announced: July 17, 2007
Reporter: Ronald van den Heetkamp
Products: Firefox
Fixed in: Firefox 2.0.0.5

Description

Ronald van den Heetkamp reported that a filename URL containing %00 (encoded null) can cause Firefox to interpret the file extension differently than the underlying Windows operating system, potentially leading to unsafe actions such as running a program. This is only accessible locally.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=383478
CVE-2007-3285
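
The extension mismatch the advisory describes can be checked for before a file URL is acted on. The following is an added example, not code from Mozilla or from the advisory; the function names and sample URLs are constructed, and the two "views" are an assumed model of the general problem (one component reads the whole decoded name, a NUL-terminated string API stops at the first NUL), not Firefox's actual code path.

```python
from urllib.parse import urlsplit, unquote_to_bytes


def _ext(name: bytes) -> str:
    """Lowercased extension of the last path component ('' if none)."""
    base = name.replace(b"\\", b"/").rsplit(b"/", 1)[-1]
    dot = base.rfind(b".")
    return base[dot:].decode("latin-1").lower() if dot > 0 else ""


def extension_views(url: str) -> dict:
    """Compare the extension seen with and without NUL truncation."""
    raw = unquote_to_bytes(urlsplit(url).path)    # %00 decodes to b"\x00"
    full = _ext(raw)                              # length-counted string view
    truncated = _ext(raw.split(b"\x00", 1)[0])    # NUL-terminated string view
    return {
        "has_nul": b"\x00" in raw,
        "full": full,
        "truncated": truncated,
        "confused": full != truncated,
    }


def is_safe_file_url(url: str) -> bool:
    """Reject any URL whose decoded path contains a NUL byte."""
    return not extension_views(url)["has_nul"]


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for sample in ("file:///C:/tmp/report.txt",
                   "file:///C:/tmp/sample.exe%00.txt"):
        print(sample, extension_views(sample), is_safe_file_url(sample))
```

Rejecting the URL outright, rather than trying to pick the "right" extension, removes the disagreement between the two views.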