Описание
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | released | 3.0.15+nobinonly-0ubuntu0.8.04.1 |
| intrepid | released | 3.0.15+nobinonly-0ubuntu0.8.10.1 |
| jaunty | released | 3.0.15+nobinonly-0ubuntu0.9.04.1 |
| karmic | DNE | |
| upstream | released | 3.0.15 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 3.6.3+nobinonly-0ubuntu4 |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | released | 3.5.4+nobinonly-0ubuntu0.9.04.1 |
| karmic | released | 3.5.4+nobinonly-0ubuntu0.9.10.1 |
| upstream | released | 3.5.4 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 3.0.3+nobinonly-0ubuntu1 |
| hardy | released | 2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1 |
| intrepid | released | 2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1 |
| jaunty | released | 2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1 |
| karmic | released | 2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1 |
| upstream | released | 2.0.0.24 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | released | 1.9.0.15+nobinonly-0ubuntu0.8.04.1 |
| intrepid | released | 1.9.0.15+nobinonly-0ubuntu0.8.10.1 |
| jaunty | released | 1.9.0.15+nobinonly-0ubuntu0.9.04.1 |
| karmic | DNE | |
| upstream | released | 1.9.0.15 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | released | 1.9.1.4+nobinonly-0ubuntu0.9.04.3 |
| karmic | released | 1.9.1.4+nobinonly-0ubuntu0.9.10.1 |
| upstream | released | 1.9.1.4 |
Показывать по
EPSS
9.3 Critical
CVSS2
Связанные уязвимости
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey be ...
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
EPSS
9.3 Critical
CVSS2