CVE-2004-1449

Description

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.

Affected products

• FirebirdSQL / firebird0.7 – 0.7
• Mozilla / mozilla0.8 – 0.8
• Mozilla / mozilla0.9.2 – 0.9.2
• Mozilla / mozilla0.9.2.1 – 0.9.2.1
• Mozilla / mozilla0.9.3 – 0.9.3
• Mozilla / mozilla0.9.4 – 0.9.4
• Mozilla / mozilla0.9.4.1 – 0.9.4.1
• Mozilla / mozilla0.9.5 – 0.9.5
• Mozilla / mozilla0.9.6 – 0.9.6
• Mozilla / mozilla0.9.7 – 0.9.7
• Mozilla / mozilla0.9.8 – 0.9.8
• Mozilla / mozilla0.9.9 – 0.9.9
• Mozilla / mozilla0.9.35 – 0.9.35
• Mozilla / mozilla0.9.48 – 0.9.48
• Mozilla / mozilla1.0 – 1.0
• Mozilla / mozilla1.0 – 1.0
• Mozilla / mozilla1.0 – 1.0
• Mozilla / mozilla1.0.1 – 1.0.1
• Mozilla / mozilla1.0.2 – 1.0.2
• Mozilla / mozilla1.1 – 1.1
• Mozilla / mozilla1.1 – 1.1
• Mozilla / mozilla1.1 – 1.1
• Mozilla / mozilla1.2 – 1.2
• Mozilla / mozilla1.2 – 1.2
• Mozilla / mozilla1.2 – 1.2
• Mozilla / mozilla1.2.1 – 1.2.1
• Mozilla / mozilla1.3 – 1.3
• Mozilla / mozilla1.3.1 – 1.3.1
• Mozilla / mozilla1.4 – 1.4
• Mozilla / mozilla1.4 – 1.4
• Mozilla / mozilla1.4 – 1.4
• Mozilla / mozilla1.4.1 – 1.4.1
• Mozilla / mozilla1.4.2 – 1.4.2
• Mozilla / mozilla1.4.4 – 1.4.4
• Mozilla / mozilla1.5 – 1.5
• Mozilla / mozilla1.5.1 – 1.5.1
• Mozilla / mozilla1.6 – 1.6
• Mozilla / Thunderbird0.1 – 0.1
• Mozilla / Thunderbird0.2 – 0.2
• Mozilla / Thunderbird0.3 – 0.3
• Mozilla / Thunderbird0.4 – 0.4
• Mozilla / Thunderbird0.5 – 0.5
• Mozilla / Thunderbird0.6 – 0.6

References

• VENDOR_ADVISORYhttp://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082
• MISChttp://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0