Vulnerability Description
The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded files.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 0.10.1 |
References
- http://secunia.com/advisories/12979ExploitPatchVendor Advisory
- http://secunia.com/secunia_research/2004-11/advisory/ExploitPatchVendor Advisory
- http://www.osvdb.org/16432ExploitVendor Advisory
- http://secunia.com/advisories/12979ExploitPatchVendor Advisory
- http://secunia.com/secunia_research/2004-11/advisory/ExploitPatchVendor Advisory
- http://www.osvdb.org/16432ExploitVendor Advisory
FAQ
What is CVE-2005-1576?
CVE-2005-1576 is a vulnerability with a CVSS score of 2.6 (LOW). The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is select...
How severe is CVE-2005-1576?
CVE-2005-1576 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1576?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.