Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging."

Firefox 1.0 不会阻止用户将具有图像/gif 内容类型但具有危险扩展名的可执行文件拖放到桌面，例如.bat 或.exe，这允许远程攻击者绕过预期的限制，通过构造的 GIF 文件执行任意命令，这些 GIF 文件仍然可以由 Windows 批处理文件解析器(也被称为“firetragging”)解析。

NVD 暂无评分

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

NVD 暂无漏洞类别信息

神龙GPT 暂无漏洞类别信息（请耐心等待）