Vulnerability Details CVE-2004-2227
Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.7%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/13144
- http://secunia.com/advisories/13724
- http://security.gentoo.org/glsa/glsa-200501-03.xml
- http://www.osvdb.org/11591
- https://bugzilla.mozilla.org/show_bug.cgi?id=234416
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18016
- http://secunia.com/advisories/13144
- http://secunia.com/advisories/13724
- http://security.gentoo.org/glsa/glsa-200501-03.xml
- http://www.osvdb.org/11591
- https://bugzilla.mozilla.org/show_bug.cgi?id=234416
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18016
Products affected by CVE-2004-2227
-
cpe:2.3:a:mozilla:firefox:0.10
-
cpe:2.3:a:mozilla:firefox:0.10.1
-
cpe:2.3:a:mozilla:firefox:0.8
-
cpe:2.3:a:mozilla:firefox:0.9
-
cpe:2.3:a:mozilla:firefox:0.9.1
-
cpe:2.3:a:mozilla:firefox:0.9.2
-
cpe:2.3:a:mozilla:firefox:0.9.3