CVE-2005-0587

Published: Mar 25, 2005Modified: Apr 16, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.

Affected (2)

Products: Mozilla: Firefox, Mozilla

Mozilla

2 products

Firefox

Mozilla

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 1.0.1
Mozilla Mozilla	Before 1.7.6

Related CWEs

CWE-59

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (10)

http://secunia.com/advisories/19823

Source: secalert@redhat.com

Broken Link

http://www.mozilla.org/security/announce/mfsa2005-21.html

Source: secalert@redhat.com

Vendor Advisory

http://www.novell.com/linux/security/advisories/2006_04_25.html

Source: secalert@redhat.com

Broken Link

http://www.securityfocus.com/bid/12659

Source: secalert@redhat.com

Broken LinkThird Party AdvisoryVDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100037

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/19823