5.1

CVE-2005-0230

Exploit

EPSS 2.21%
Published 02.05.2005 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging."

Affected products Warnungen 0 Metrics 2 CWE 0 References 13

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.21%	0.829

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/19823

http://www.novell.com/linux/security/advisories/2006_04_25.html

http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml

Patch

Vendor Advisory

http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml

Patch

Vendor Advisory

http://marc.info/?l=bugtraq&m=110780995232064&w=2

http://www.mikx.de/firedragging/

Exploit

http://www.mozilla.org/security/announce/mfsa2005-25.html

Patch

http://www.securityfocus.com/bid/12468

https://bugzilla.mozilla.org/show_bug.cgi?id=279945

Vendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100033

https://nvd.nist.gov/vuln/detail/CVE-2005-0230

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-0230

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-0230

EUVD