
Mozilla Foundation Security Advisory 2005-21

Title: Overwrite arbitrary files downloading .lnk twice
Severity: Critical
Risk: Low
Reporter: Masayuki Nakano
Products: Firefox, Thunderbird, Mozilla Suite

Fixed in: Firefox 1.0.1
  Thunderbird 1.0.2
  Mozilla Suite 1.7.6

Description

If a Windows user can be convinced to download a .lnk file twice to the same location, an attacker can overwrite (essentially delete) arbitrary files on the user's machine: the second download overwrites the file referenced by the first .lnk rather than replacing the .lnk itself. On some older versions of Windows, .pif and .url files can be used to accomplish the same thing.

If an attacker knows the user will download twice and is able to send different content the second time, the attacker could replace the targeted file with content of their choosing. The first .lnk would point to the target file and the second download would contain the compromised version of the target.
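
The following is an added illustration, not Mozilla's code or its fix. It is a toy model of the behaviour described above, in which a "shortcut" is a text file holding its target path (an assumption standing in for the real .lnk format), with a save routine that resolves an existing shortcut beside one that writes only to the literal file name. All function and file names are hypothetical.

```python
import os
import tempfile

SHORTCUT_EXTS = {".lnk", ".pif", ".url"}  # file types named in the advisory

def resolve_shortcut(path):
    """Toy stand-in for shortcut resolution: a 'shortcut' here is a text file
    whose content is the target path (constructed model, not real .lnk)."""
    ext = os.path.splitext(path)[1].lower()
    if ext in SHORTCUT_EXTS and os.path.isfile(path):
        with open(path, "r", encoding="utf-8") as f:
            return f.read().strip()
    return path

def save_following_shortcuts(dest, data):
    """Behaviour the advisory describes: an existing shortcut at the
    destination is resolved, so the write lands on its target."""
    with open(resolve_shortcut(dest), "wb") as f:
        f.write(data)

def save_literal(dest, data):
    """Hardened form: never resolve the destination. Write a fresh temp file
    in the same directory, then rename it over the literal name."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dest) or ".")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        os.replace(tmp, dest)
    except BaseException:
        os.unlink(tmp)
        raise

def demo(save):
    """Download to the same name twice; return the referenced file's content."""
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "important.txt")   # constructed sample file
        with open(victim, "wb") as f:
            f.write(b"original")
        dest = os.path.join(d, "report.lnk")
        save(dest, victim.encode("utf-8"))   # first download: points at victim
        save(dest, b"replacement content")   # second download: other content
        with open(victim, "rb") as f:
            return f.read()

if __name__ == "__main__":
    print(demo(save_following_shortcuts))
    print(demo(save_literal))
```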

Workaround

Do not download .pif, .lnk, or .url files. If running Windows XP, use a limited (non-administrator) account to prevent malicious access to critical operating system files.

References