CVE-2005-0230
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
02/05/2005
Last modified:
03/04/2025
Description
Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging."
Impact
Base Score 2.0
5.10
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://marc.info/?l=bugtraq&m=110780995232064&w=2
- http://secunia.com/advisories/19823
- http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
- http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
- http://www.mikx.de/firedragging/
- http://www.mozilla.org/security/announce/mfsa2005-25.html
- http://www.novell.com/linux/security/advisories/2006_04_25.html
- http://www.securityfocus.com/bid/12468
- https://bugzilla.mozilla.org/show_bug.cgi?id=279945
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100033
- http://marc.info/?l=bugtraq&m=110780995232064&w=2
- http://secunia.com/advisories/19823
- http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
- http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
- http://www.mikx.de/firedragging/
- http://www.mozilla.org/security/announce/mfsa2005-25.html
- http://www.novell.com/linux/security/advisories/2006_04_25.html
- http://www.securityfocus.com/bid/12468
- https://bugzilla.mozilla.org/show_bug.cgi?id=279945
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100033