CVE-2005-0587

MEDIUM

Mozilla Firefox < 1.0.1 - Symlink Following

Title source: rule

Description

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.

References (5)

[Broken Link] http://secunia.com/advisories/19823

[Vendor Advisory] http://www.mozilla.org/security/announce/mfsa2005-21.html

[Broken Link] http://www.novell.com/linux/security/advisories/2006_04_25.html

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/12659

[Broken Link] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100037

Scores

CVSS v3 6.5

EPSS 0.0108

EPSS Percentile 77.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Classification

CWE

CWE-59

Status draft

Affected Products (2)

mozilla/firefox < 1.0.1

mozilla/mozilla < 1.7.6

Timeline

Published Mar 25, 2005

Tracked Since Feb 18, 2026