| Vulnerability Name: | CVE-2005-1576 (CCN-21293) | ||||||||
| Assigned: | 2005-05-12 | ||||||||
| Published: | 2005-05-12 | ||||||||
| Updated: | 2008-09-05 | ||||||||
| Summary: | The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded files. | ||||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | File Manipulation | ||||||||
| References: | Source: MITRE Type: CNA CVE-2005-1576 Source: CCN Type: SA12979 Mozilla Firefox Download Dialog Spoofing Vulnerabilities Source: SECUNIA Type: Exploit, Patch, Vendor Advisory 12979 Source: MISC Type: Exploit, Patch, Vendor Advisory http://secunia.com/secunia_research/2004-11/advisory/ Source: CCN Type: Mozilla Firefox Download Web page Firefox - Rediscover the web Source: OSVDB Type: Exploit, Vendor Advisory 16432 Source: CCN Type: OSVDB ID: 16432 Mozilla Firefox Content-Type Header "Save to Disk" File Extension Spoofing Source: XF Type: UNKNOWN mozilla-contentheader-spoof(21293) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||