Login   |   Secure Purdue > News

Mozilla Firefox File Type Check Vulnerability

Mozilla Firefox, a popular web browser, has a new vulnerability that is exploitable in versions 0.10 to 2.0.0.4.  The vulnerability allows an attacker to lure victims to a malicious site and follow links with improper file extensions.  In order for this to be exploited, the victim must willingly interact with the attack method.  If successful, the attacker may have the ability to crash the application or execute arbitrary code.  There currently is no known solution or vendor fix for this vulnerability.

References:

National Vulnerability Database

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3285

Posted by Kitch Spicer on June 21, 2007, in Handlers Log.