CVE-2005-1576 : The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine th

The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded files.

Published 2005-05-12 04:00:00

Updated 2008-09-05 20:49:31

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2005-1576

Probability of exploitation activity in the next 30 days: 0.16%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 51 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2005-1576

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.6	LOW	AV:N/AC:H/Au:N/C:N/I:P/A:N	4.9	2.9	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

Products affected by CVE-2005-1576

Mozilla » Firefox » Version: 0.10.1
cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.0
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2005-1576

Exploit prediction scoring system (EPSS) score for CVE-2005-1576

CVSS scores for CVE-2005-1576

Products affected by CVE-2005-1576