Описание
Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would.
Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-3285
- https://bugzilla.mozilla.org/show_bug.cgi?id=383478
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://osvdb.org/38032
- http://secunia.com/advisories/26072
- http://secunia.com/advisories/26149
- http://secunia.com/advisories/26204
- http://secunia.com/advisories/26216
- http://secunia.com/advisories/26258
- http://secunia.com/advisories/26271
- http://secunia.com/advisories/28135
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
- http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html
- http://www.0x000000.com/?i=333
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
- http://www.mozilla.org/security/announce/2007/mfsa2007-22.html
- http://www.novell.com/linux/security/advisories/2007_49_mozilla.html
- http://www.securityfocus.com/bid/24447
- http://www.securitytracker.com/id?1018413
- http://www.ubuntu.com/usn/usn-490-1
- http://www.vupen.com/english/advisories/2007/4256
EPSS
CVE ID
Связанные уязвимости
Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would.
Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would.
Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote att ...
EPSS