FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- NULL bytes in FTP URLs

Affected packages
firefox < 0.9.3
linux-mozilla < 1.7.2
linux-mozilla-devel < 1.7.2
mozilla < 1.7.2,2
1.8.a,2 <= mozilla
mozilla-gtk1 < 1.7.2

Details

VuXML ID 7c188c55-0cb0-11d9-8a8a-000c41e2cdad
Discovery 2004-07-11
Entry 2004-09-22
Modified 2004-09-24

When handling FTP URLs containing NULL bytes, Mozilla will interpret the file content as HTML. This may allow unexpected execution of Javascript when viewing plain text or other file types via FTP.

References

CVE Name CVE-2004-0760
URL http://bugzilla.mozilla.org/show_bug.cgi?id=250906

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.