Vulnerability Details : CVE-2005-0230
Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging."
Products affected by CVE-2005-0230
- cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-0230
- EPSS score: 4.80% (probability of exploitation activity in the next 30 days)
- Percentile: ~93% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2005-0230
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P | 4.9 | 6.4 | NIST | |
References for CVE-2005-0230
- http://www.mozilla.org/security/announce/mfsa2005-25.html (Patch)
- http://www.novell.com/linux/security/advisories/2006_04_25.html
- http://marc.info/?l=bugtraq&m=110780995232064&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100033
- http://www.mikx.de/firedragging/ (Exploit)
- http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml (Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/12468
- http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml (Patch; Vendor Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=279945 (Vendor Advisory)