5.1

CVE-2005-0230

Exploit

EPSS 2.21%
Veröffentlicht 02.05.2005 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.21%	0.829

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/19823

http://www.novell.com/linux/security/advisories/2006_04_25.html

http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml

Patch

Vendor Advisory

http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml

Patch

Vendor Advisory

http://marc.info/?l=bugtraq&m=110780995232064&w=2

http://www.mikx.de/firedragging/

Exploit

http://www.mozilla.org/security/announce/mfsa2005-25.html

Patch

http://www.securityfocus.com/bid/12468

https://bugzilla.mozilla.org/show_bug.cgi?id=279945

Vendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100033

https://nvd.nist.gov/vuln/detail/CVE-2005-0230

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-0230

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-0230

EUVD