CVE-2005-1576 — Mozilla Firefox vulnerability

2 documents2 sources

Severity

2.6LOWNVD

EPSS

0.5%

top 34.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedMay 12

Latest updateMay 1

Description

The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded files.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/firefox0.10.1, 1.0+1

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-g44f-f9f6-4fxr: The file download dialog in Mozilla Firefox 0↗2022-05-01

▶