Back to search
CVE-2005-0230
Published: Feb 10, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.mozilla.org/security/announce/mfsa2005-25.html
x_refsource_CONFIRM
oval:org.mitre.oval:def:100033
vdb-entry
signature
x_refsource_OVAL
19823
third-party-advisory
x_refsource_SECUNIA
20050207 Firedragging [Firefox 1.0]
mailing-list
x_refsource_BUGTRAQ
http://www.mikx.de/firedragging/
x_refsource_MISC
https://bugzilla.mozilla.org/show_bug.cgi?id=279945
x_refsource_CONFIRM
GLSA-200503-30
vendor-advisory
x_refsource_GENTOO
GLSA-200503-10
vendor-advisory
x_refsource_GENTOO
SUSE-SA:2006:022
vendor-advisory
x_refsource_SUSE
12468
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now