FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- automated file upload

Affected packages
1.7.a,2 <= mozilla < 1.7,2
1.8.a,2 <= mozilla < 1.8.a2,2
1.7.a <= mozilla-gtk1 < 1.7


VuXML ID 6e740881-0cae-11d9-8a8a-000c41e2cdad
Discovery 2004-04-28
Entry 2004-09-22
Modified 2004-09-26

A malicious web page can cause an automated file upload from the victim's machine when viewed with Mozilla with Javascript enabled. This is due to a bug permitting default values for type="file" <input> elements in certain situations.


CVE Name CVE-2004-0759