Mozilla Foundation Security Advisory 2007-22

Type: securityvulns
Reporter: Securityvulns
Modified: 2007-07-19T00:00:00


Title: File type confusion due to %00 in name
Impact: Low
Announced: July 17, 2007
Reporter: Ronald van den Heetkamp
Products: Firefox

Fixed in: Firefox

Description

Ronald van den Heetkamp reported that a filename URL containing %00 (an encoded null) can cause Firefox to interpret the file extension differently than the underlying Windows operating system, potentially leading to unsafe actions such as running a program. This is only accessible locally.
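The extension mismatch described above, as an added example (not Mozilla's code): a Python check that decodes a file URL's path, compares the extension a full-string reader sees with the one a reader stopping at the first NUL byte sees, and rejects names that can be read two ways. It assumes the divergence comes from NUL termination, which the advisory does not spell out; the function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote_to_bytes

MAX_DECODE_ROUNDS = 3  # assumption: bound for catching double-encoded %2500

def _ext(name: bytes) -> str:
    """Lowercased extension of the last path component, '' if none."""
    base = name.replace(b"\\", b"/").rsplit(b"/", 1)[-1]
    _, dot, ext = base.rpartition(b".")
    return ext.decode("latin-1").lower() if dot else ""

def extension_views(url: str) -> dict:
    """Extension seen by a full-string reader versus a reader that
    stops at the first NUL byte (assumed model of the mismatch)."""
    raw = unquote_to_bytes(urlsplit(url).path)
    return {
        "full_string_ext": _ext(raw),
        "nul_terminated_ext": _ext(raw.split(b"\x00", 1)[0]),
    }

def has_encoded_nul(url: str) -> bool:
    """True if the path decodes to a NUL within MAX_DECODE_ROUNDS passes."""
    data = urlsplit(url).path.encode("utf-8")
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_to_bytes(data)
        if b"\x00" in decoded:
            return True
        if decoded == data:  # nothing left to decode
            break
        data = decoded
    return False

def check_file_url(url: str) -> str:
    """Return 'reject' for names that can be read two ways, else 'allow'."""
    views = extension_views(url)
    mismatch = views["full_string_ext"] != views["nul_terminated_ext"]
    return "reject" if has_encoded_nul(url) or mismatch else "allow"

# Constructed sample URLs, not taken from the advisory.
SAMPLES = [
    "file:///C:/docs/sample.txt",
    "file:///C:/docs/sample.exe%00.txt",
    "file:///C:/docs/sample.exe%2500.txt",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(check_file_url(u), extension_views(u), u)
```

Rejecting the name outright, rather than stripping the NUL and continuing, avoids having to guess which of the two readings a downstream component will use.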

References

CVE-2007-3285