Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2009-10-29T14:00:00
Updated: 2017-09-18T12:57:01
Reserved: 2009-09-24T00:00:00
Link: CVE-2009-3376
JSON object: View
NVD Information
Status : Modified
Published: 2009-10-29T14:30:00.983
Modified: 2018-10-30T16:25:57.607
Link: CVE-2009-3376
JSON object: View
Redhat Information
No data.
CWE