Intrusion PreventionMozilla.Firefox.Download.Directory.File.Deletion
Description
This indicates a possible exploit of a vulnerability in Mozilla Firefox that may allow remote attackers to delete arbitrary files in the download directory via a crafted data: URI.
Affected Products
Mozilla Firefox 0.10
Mozilla Firefox 0.9.3
Mozilla Firefox 0.9.2
Mozilla Firefox 0.9.1
Mozilla Firefox 0.9 rc
Mozilla Firefox 0.9
Mozilla Firefox 0.8
Mozilla Firefox Preview Release
Impact
System compromise: an attacker can delete files in the download directory.
Recommended Actions
The vendor has released version 0.10.1 of Firefox, as well as a patch for Firefox Preview Release users, addressing this issue:
Mozilla Firefox Preview Release
* Mozilla 259708.xpi
* Mozilla firefox-1.0PR-source.tar.bz2
Mozilla Firefox 0.10
* Mozilla 259708.xpi
* Mozilla firefox-1.0PR-source.tar.bz2
Mozilla Firefox 0.8
* Mozilla firefox-1.0PR-source.tar.bz2
Mozilla Firefox 0.9
* Mozilla firefox-1.0PR-source.tar.bz2
Mozilla Firefox 0.9 rc
* Mozilla firefox-1.0PR-source.tar.bz2
Mozilla Firefox 0.9.1
* Mozilla firefox-1.0PR-source.tar.bz2
Mozilla Firefox 0.9.2
* Mozilla firefox-1.0PR-source.tar.bz2
Mozilla Firefox 0.9.3
* Mozilla firefox-1.0PR-source.tar.bz2
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
| ID | 13450 |
| Created | Oct 19, 2006 |
| Updated | Nov 10, 2021 |
| Risk |
|
| CVE ID | CVE-2004-2225 |
| Exploit Prediction Score | 81.14% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux, Other |
| Affected App | Mozilla |