CVE-2005-0587 — Link Following in Mozilla Firefox

CWE-59 — Link Following CWE-64 — Windows Shortcut Following (.LNK)6 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

1.1%

top 22.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla

Timeline

PublishedMar 25

Latest updateMay 1

Description

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDmozilla/firefox< 1.0.1

▶NVDmozilla/mozilla< 1.7.6

🔴Vulnerability Details

GHSA

GHSA-2v24-xp2p-2gfc: Firefox before 1↗2022-05-01

▶

CVEList

CVE-2005-0587: Firefox before 1↗2005-02-28

▶

📋Vendor Advisories

Ubuntu

Ubuntu 4.10 update for Firefox vulnerabilities↗2005-07-28

▶

📐Framework References

CWE

Windows Shortcut Following (.LNK)↗

▶

CWE

Improper Link Resolution Before File Access ('Link Following')↗

▶