Vulnerability Description
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 1.0.1 |
| Mozilla | Mozilla | < 1.7.6 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/19823Broken Link
- http://www.mozilla.org/security/announce/mfsa2005-21.htmlVendor Advisory
- http://www.novell.com/linux/security/advisories/2006_04_25.htmlBroken Link
- http://www.securityfocus.com/bid/12659Broken LinkThird Party AdvisoryVDB Entry
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken Link
- http://secunia.com/advisories/19823Broken Link
- http://www.mozilla.org/security/announce/mfsa2005-21.htmlVendor Advisory
- http://www.novell.com/linux/security/advisories/2006_04_25.htmlBroken Link
- http://www.securityfocus.com/bid/12659Broken LinkThird Party AdvisoryVDB Entry
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken Link
FAQ
What is CVE-2005-0587?
CVE-2005-0587 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file t...
How severe is CVE-2005-0587?
CVE-2005-0587 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0587?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Mozilla.