SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Mozilla Firefox Vendors:   Mozilla.org
Mozilla Firefox Input Validation Error Lets Remote Users Delete Download Directory Files
SecurityTracker Alert ID:  1011501
SecurityTracker URL:  http://securitytracker.com/id/1011501
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 2 2004
Impact:   Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.0 Preview Release
Description:   A vulnerability was reported in Mozilla Firefox. A remote user can cause files in the target user's download directory to be deleted when a target user saves a file.

The vendor reported that a remote user can create a specially crafted link that, when selected for download, will delete files in the download directory. The target user must click on 'Save' to permit the exploit to occur.

Alex Vincent is credited with discovering this flaw.

Impact:   A remote user can cause files in the download directory to be deleted when the target user saves a file to be downloaded.
Solution:   The vendor has issued Firefox Preview Release (0.10.1), available at:

http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/0.10.1/Firefox%20Setup%201.0PR.exe

Vendor URL:  www.mozilla.org/products/firefox/ (Links to External Site)
Cause:   Exception handling error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC