Description
Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging."
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
- SUSE-SA:2006:022, published Tue, 25 Apr 2006 15:00:00 +0000
List of released packages
|Product(s)||Fixed package version(s)||References|
|SUSE LINUX 10.0, SUSE LINUX 9.2, SUSE LINUX 9.3|
|SUSE LINUX 9.1 for IA32, SUSE LINUX 9.1 for x86-64|