FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- automated file upload

Affected packages
1.7.a,2 <= mozilla < 1.7,2
1.8.a,2 <= mozilla < 1.8.a2,2
1.7.a <= mozilla-gtk1 < 1.7

Details

VuXML ID 6e740881-0cae-11d9-8a8a-000c41e2cdad
Discovery 2004-04-28
Entry 2004-09-22
Modified 2004-09-26

A malicious web page can cause an automated file upload from the victim's machine when viewed with Mozilla with Javascript enabled. This is due to a bug permitting default values for type="file" <input> elements in certain situations.

References

CVE Name CVE-2004-0759
URL https://bugzilla.mozilla.org/show_bug.cgi?id=241924

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.