PT-2004-2363 · Mozilla · Firefox+2

Jesse Ruderman

Published

2004-12-31

Updated

2008-09-05

CVE-2004-1449

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Mozilla versions prior to 1.7 Firefox versions prior to 0.9 Thunderbird versions prior to 0.7

Description: The issue allows remote attackers to determine the location of files on a user's hard drive. This is achieved by obscuring a file upload control and tricking the user into dragging text into that control.

Recommendations: For Mozilla versions prior to 1.7, update to version 1.7 or later. For Firefox versions prior to 0.9, update to version 0.9 or later. For Thunderbird versions prior to 0.7, update to version 0.7 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1449

Affected Products

Firefox

Mozilla Firefox

Thunderbird

PT-2004-2363 · Mozilla · Firefox+2

CVE-2004-1449

Related Identifiers

Affected Products

References · 3