Oval Definition:	oval:org.mitre.oval:def:100033
Revision Date: 2007-05-09 Version: 5 Title: Mozilla Image Spoofing Vulnerability Description: Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2005-0230 Platform(s): Microsoft Windows 2000 Microsoft Windows NT Microsoft Windows Server 2003 Microsoft Windows XP Product(s): mozilla Mozilla Firefox Mozilla Thunderbird Definition Synopsis Mozilla Firefox version 1.0 or earlier is installed Firefox version 1.0 or earlier is installed AND Mozilla Firefox version 1.0 or earlier is installed OR Mozilla Thunderbird version 1.0 or earlier is installed Mozilla Thunderbird version 1.0 or earlier is installed AND Mozilla Thunderbird version 1.0 or earlier is installed OR Mozilla Suite version 1.7.5 or earlier is installed Mozilla Suite version 1.7.5 or earlier is installed AND Mozilla Suite version 1.7.5 or earlier is installed
BACK