The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded files.
References
Link | Resource |
---|---|
http://secunia.com/advisories/12979 | Exploit Patch Vendor Advisory |
http://secunia.com/secunia_research/2004-11/advisory/ | Exploit Patch Vendor Advisory |
http://www.osvdb.org/16432 | Exploit Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:22:43
Updated: 2022-10-03T16:22:43
Reserved: 2022-10-03T00:00:00
Link: CVE-2005-1576
JSON object: View
NVD Information
Status : Analyzed
Published: 2005-05-12T04:00:00.000
Modified: 2008-09-05T20:49:30.980
Link: CVE-2005-1576
JSON object: View
Redhat Information
No data.
CWE