File Overwrite

2020-04-1000:38:54

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

firefox is vulnerable to file overwrite. The vulnerability exists as a flaw was found in the way Firefox creates temporary file names for downloaded files. If a local attacker knows the name of a file Firefox is going to download, they can replace the contents of that file with arbitrary contents.

CPENameOperatorVersion
firefoxeq1.5.0.12__0.15.el4
firefoxeq3.0.1__1.el5
firefoxeq1.5.0.9__0.1.el4
firefoxeq1.5.0.5__0.el4.1
firefoxeq1.5.0.8__0.1.el4
firefoxeq3.0.5__1.el5_2
firefoxeq1.5.0.12__0.7.el4
firefoxeq1.5.0.12__0.10.el4
firefoxeq3.0.1__1.el4
firefoxeq1.5.0.7__0.1.el4

Name	Operator	Version
firefox	eq	1.5.0.12__0.15.el4
firefox	eq	3.0.1__1.el5
firefox	eq	1.5.0.9__0.1.el4
firefox	eq	1.5.0.5__0.el4.1
firefox	eq	1.5.0.8__0.1.el4
firefox	eq	3.0.5__1.el5_2
firefox	eq	1.5.0.12__0.7.el4
firefox	eq	1.5.0.12__0.10.el4
firefox	eq	3.0.1__1.el4
firefox	eq	1.5.0.7__0.1.el4