PT-2005-2555 · Mozilla · Firefox

Published

2005-05-12

Updated

2008-09-05

CVE-2005-1576

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 0.10.1 through 1.0

Description The issue concerns the file download dialog in Mozilla Firefox, which uses the Content-Type HTTP header to determine the file type but saves the original file extension when "Save to Disk" is selected. This allows remote attackers to hide the real file types of downloaded files.

Recommendations For Mozilla Firefox versions 0.10.1 through 1.0, consider updating to a newer version that addresses this issue, as the current behavior could lead to users unknowingly downloading malicious files.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-1576

Affected Products

Firefox

PT-2005-2555 · Mozilla · Firefox

CVE-2005-1576

Related Identifiers

Affected Products

References · 4