Vulnerability Name: CVE-2005-0230 (CCN-19265)

Assigned:2005-02-08
Published:2005-02-08
Updated:2017-10-11
Summary:Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging."
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Mon Feb 07 2005 - 11:48:08 CST
Firedragging [Firefox 1.0]

Source: MITRE
Type: CNA
CVE-2005-0230

Source: BUGTRAQ
Type: UNKNOWN
20050207 Firedragging [Firefox 1.0]

Source: SECUNIA
Type: UNKNOWN
19823

Source: CCN
Type: GLSA-200503-10
Mozilla Firefox: Various vulnerabilities

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200503-10

Source: CCN
Type: GLSA-200503-30
Mozilla Suite: Multiple vulnerabilities

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200503-30

Source: MISC
Type: Exploit
http://www.mikx.de/firedragging/

Source: CCN
Type: mikx 2005/02/07
firetabbing

Source: CCN
Type: Mozilla Firefox Web site
Firefox - Rediscover the web

Source: CONFIRM
Type: Patch
http://www.mozilla.org/security/announce/mfsa2005-25.html

Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:004

Source: CCN
Type: OSVDB ID: 13610
Mozilla Multiple Browser Dragged Image Extension Spoofing

Source: BID
Type: UNKNOWN
12468

Source: CCN
Type: BID-12468
Mozilla Firefox Drag And Drop Security Policy Bypass Vulnerability

Source: CCN
Type: USN-149-3
Ubuntu 4.10 update for Firefox vulnerabilities

Source: CONFIRM
Type: Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=279945

Source: XF
Type: UNKNOWN
mozilla-firefox-contenttype-spoofing(19265)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:100033

Source: SUSE
Type: SUSE-SA:2006:022
MozillaThunderbird various problems

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:netscape:navigator:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20050230 | V | CVE-2005-0230 | 2015-11-16
    oval:org.mitre.oval:def:100033 | V | Mozilla Image Spoofing Vulnerability | 2007-05-09
    mozilla firefox 1.0
    netscape navigator 7.2
    mozilla firefox 1.0
    mozilla mozilla 1.7.5
    gentoo linux *
    suse suse linux 9.1
    suse suse linux 9.2
    suse suse linux 10.0
    suse suse linux 9.3