Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2007-3285

Source

Mozilla Foundation Security Advisory 2007-22

File type confusion due to %00 in name

Announced

July 17, 2007

Reporter

Ronald van den Heetkamp

Impact

Low

Products

Firefox, SeaMonkey

Fixed in

Firefox 2.0.0.5
SeaMonkey 1.1.3

Description

Ronald van den Heetkamp reported that a filename URL containing %00 (encoded null) can cause Firefox to interpret the file extension differently than the underlying Windows operating system potentially leading to unsafe actions such as running a program. This is only accessible locally.

References

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

File type confusion due to %00 in name

File type confusion due to %00 in name

Description

References

Vulmon Search

About

Products

Connect