Test ID:	1.3.6.1.4.1.25623.1.0.900869
Category:	General
Title:	Mozilla Firefox Insecure Saving Of Downloadable File - Linux
Summary:	Mozilla Firefox is saving downloadable files insecurely.
Description:	Summary: Mozilla Firefox is saving downloadable files insecurely. Vulnerability Insight: This security issue is due to the browser using a fixed path from the /tmp directory when a user opens a file downloaded for opening from the 'Downloads' window. This can be exploited to trick a user into opening a file with potentially malicious content by placing it in the /tmp directory before the download takes place. Vulnerability Impact: Local attackers may leverage this issue by replacing an arbitrary downloaded file by placing a file in a /tmp location before the download occurs. Affected Software/OS: Mozilla Firefox version 2.x, 3.x. Solution: Update to version 3.6.3 or later. CVSS Score: 4.4 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3274 http://www.mandriva.com/security/advisories?name=MDVSA-2009:294 http://jbrownsec.blogspot.com/2009/09/vamos-updates.html http://securitytube.net/Zero-Day-Demos-(Firefox-Vulnerability-Discovered)-video.aspx https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9641 http://www.redhat.com/support/errata/RHSA-2010-0153.html http://www.redhat.com/support/errata/RHSA-2010-0154.html http://secunia.com/advisories/36649 http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1 http://www.vupen.com/english/advisories/2009/3334 http://www.vupen.com/english/advisories/2010/0650
Copyright	Copyright (C) 2009 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.