CVE-2004-2227

Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=234416	Patch
http://security.gentoo.org/glsa/glsa-200501-03.xml	Patch Vendor Advisory
http://www.osvdb.org/11591	Patch
http://secunia.com/advisories/13144	Patch Vendor Advisory
http://secunia.com/advisories/13724	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18016

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox:0.9:::::::*
	cpe:2.3:a:mozilla:firefox:0.9.1:::::::*
	cpe:2.3:a:mozilla:firefox:0.10.1:::::::*
	cpe:2.3:a:mozilla:firefox:0.8:::::::*
	cpe:2.3:a:mozilla:firefox:0.10:::::::*
	cpe:2.3:a:mozilla:firefox:0.9:rc::::::
	cpe:2.3:a:mozilla:firefox:0.9.2:::::::*
	cpe:2.3:a:mozilla:firefox:0.9.3:::::::*

Information

Published : 2004-12-31 05:00

Updated : 2017-07-11 01:31

NVD link : CVE-2004-2227

Mitre link : CVE-2004-2227

JSON object : View

Products Affected

mozilla

firefox

CWE

NVD-CWE-Other

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=234416", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=234416", "tags": ["Patch"], "refsource": "MISC"}, {"url": "http://security.gentoo.org/glsa/glsa-200501-03.xml", "name": "GLSA-200501-03", "tags": ["Patch", "Vendor Advisory"], "refsource": "GENTOO"}, {"url": "http://www.osvdb.org/11591", "name": "11591", "tags": ["Patch"], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/13144", "name": "13144", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/13724", "name": "13724", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18016", "name": "mozilla-firefox-ext-spoof(18016)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-2227", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2004-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:31Z"}