CVE-2009-3376

CVE-2009-3376 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.

Learn more about our Web Application Penetration Testing UK.