CVE-2005-0587
MEDIUMFirefox < 1.0.1 and Mozilla < 1.7.6 - Arbitrary File Overwrite via .LNK File Download
Title source: llmDescription
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
References (5)
Core 5
Core References
Broken Link vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100037
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/12659
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19823
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/mfsa2005-21.html
Broken Link vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_04_25.html
Scores
CVSS v3
6.5
EPSS
0.0142
EPSS Percentile
69.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-59
Status
published
Products (2)
mozilla/firefox
< 1.0.1
mozilla/mozilla
< 1.7.6
Published
Mar 25, 2005
Tracked Since
Feb 18, 2026