Sid Stamm

#27163de 53,640
9.3CVSS total
Vulnerabilidades · 1
PT-2009-5683
9.3
2009-10-27
Mozilla · Firefox · CVE-2009-3376
**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.0.15 Mozilla Firefox versions 3.5.x prior to 3.5.4 SeaMonkey versions prior to 2.0 **Description** The issue arises from improper handling of a right-to-left override (RLO or U+202E) Unicode character in a download filename. This allows remote attackers to spoof file extensions via a crafted filename. For example, it can display a non-executable extension for an executable file. **Recommendations** For Mozilla Firefox versions prior to 3.0.15, update to version 3.0.15 or later. For Mozilla Firefox versions 3.5.x prior to 3.5.4, update to version 3.5.4 or later. For SeaMonkey versions prior to 2.0, update to version 2.0 or later.