Vulnerabilities > CVE-2005-1576 - Remote Security vulnerability in Mozilla Firefox 0.10.1/1.0

CVSS 2.6 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

high complexity

mozilla

NVD

Published: 2005-05-12

Updated: 2008-09-05

Summary

The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded files.

Vulnerable Configurations

Part	Description	Count
Application	Mozilla Mozilla Firefox 0.10.1 Mozilla Firefox 1.0	2

References

http://secunia.com/advisories/12979
http://secunia.com/secunia_research/2004-11/advisory/
http://www.osvdb.org/16432