CVE-2004-2225
Description
Firefox before 0.10.1 allows remote attackers to delete files in the download directory via a crafted data: URI when the user clicks Save.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A vulnerability exists in Mozilla Firefox versions prior to 0.10.1 in the handling of data: URIs during file downloads. When a user clicks the Save button on a crafted data: URI, the filename extraction logic incorrectly processes the URI, causing the browser to delete files in the download directory instead of saving the file. The bug is documented in Mozilla's security advisory as issue #94 [1] and in Bugzilla bug 259708 [3].
Exploitation
An attacker must convince a victim to click the Save button on a malicious link that uses a data: URI. No authentication or special network position is required; the attacker can host the link on a website or send it via email. The victim's action of clicking Save triggers the deletion of files in the download directory. Mozilla's advisory notes that canceling unexpected file save prompts and avoiding saves from untrusted sites can prevent exploitation [1].
Impact
Successful exploitation allows an attacker to delete arbitrary files in the download directory, resulting in data loss. The severity is rated as high/high by Mozilla [1]. The deletion is limited to files within the download directory and does not extend to other system locations.
Mitigation
The vulnerability is fixed in Firefox 0.10.1 (Preview Release update), released on 2004-09-29 [1][3]. Users should upgrade to this version or later. As a workaround, users can cancel unexpected file save prompts and use the right-click "Save link as" context menu option instead of the Save button [1]. No workaround is available for unpatched versions beyond this advice.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:preview_release:*:*:*:*:*:*:*
- (no CPE) range: <0.10.1
Patches
No patches discovered yet.
References
- secunia.com/advisories/12708 (nvd; Patch, Vendor Advisory)
- securitytracker.com/id (nvd; Patch)
- www.osvdb.org/10478 (nvd; Patch)
- www.securityfocus.com/bid/11311 (nvd; Patch)
- bugzilla.mozilla.org/show_bug.cgi (nvd; Patch, Vendor Advisory)
- www.mozilla.org/projects/security/older-vulnerabilities.html (nvd)