You are currently viewing a snapshot of www.mozilla.org taken on April 21, 2008. Most of this content is highly out of date (some pages haven't been updated since the project began in 1998) and exists for historical purposes only. If there are any pages on this archive site that you think should be added back to www.mozilla.org, please file a bug.




Mozilla Foundation Security Advisory 2005-21

Title: Overwrite arbitrary files downloading .lnk twice
Severity: Critical
Risk: Low
Reporter: Masayuki Nakano
Products: Firefox, Thunderbird, Mozilla Suite

Fixed in: Firefox 1.0.1
  Thunderbird 1.0.2
  Mozilla Suite 1.7.6

Description

If a Windows user can be convinced to download a .lnk file twice to the same location, an attacker can overwrite (essentially delete) arbitrary files on the user's machine: the second download overwrites the file referenced by the first .lnk rather than replacing the .lnk itself. On some older versions of Windows, .pif and .url files can be used to accomplish the same thing.

If an attacker knows the user will download twice and is able to send different content the second time, the attacker could replace the targeted file with content of their choosing. The first .lnk would point to the target file and the second download would contain the compromised version of the target.
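
The overwrite described above is an instance of a general failure: a save routine that opens an existing name for writing will write through whatever that name refers to. The following is an added example, not Mozilla's fix and not code from this advisory, of a save routine that never reuses an existing name. The function names are hypothetical, and the demo uses a POSIX symbolic link as a stand-in for the first downloaded .lnk (an assumption; Windows shortcut resolution itself is not reproduced here).

```python
import os
import tempfile

def unique_name(directory, filename):
    """Return a name that no existing entry in `directory` uses."""
    stem, ext = os.path.splitext(filename)
    candidate, n = filename, 0
    # lexists() is true even for a dangling link, so such a name is never reused.
    while os.path.lexists(os.path.join(directory, candidate)):
        n += 1
        candidate = f"{stem}({n}){ext}"
    return candidate

def save_download(directory, filename, data):
    """Write `data` as a new file; never open an existing entry for writing."""
    name = os.path.basename(filename)  # drop any directory part of the supplied name
    if not name or name in (".", ".."):
        raise ValueError("unusable file name")
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_BINARY", 0)
    while True:
        path = os.path.join(directory, unique_name(directory, name))
        try:
            # O_EXCL fails if the name already exists, including when it is a
            # link, instead of writing through to whatever the link points at.
            fd = os.open(path, flags, 0o600)
        except FileExistsError:
            continue  # another writer took the name first; choose a new one
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        return path

def demo():
    """Constructed scenario: 'report.lnk' already exists and refers to another file."""
    d = tempfile.mkdtemp()
    victim = os.path.join(d, "victim.txt")
    with open(victim, "wb") as f:
        f.write(b"original")
    # Stand-in for the first downloaded shortcut (assumption, see lead-in).
    os.symlink(victim, os.path.join(d, "report.lnk"))
    saved = save_download(d, "report.lnk", b"second download")
    with open(victim, "rb") as f:
        return os.path.basename(saved), f.read()

if __name__ == "__main__":
    print(demo())
```
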

Workaround

Do not download .pif, .lnk, or .url files. If running Windows XP, use a limited (non-administrator) account to prevent malicious access to critical operating system files.
