[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250038

 
 

909

 
 

195843

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-3845Date: (C)2007-08-07   (M)2023-12-22


Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SUNALERT-103177
http://www.securityfocus.com/archive/1/475265/100/200/threaded
http://www.securityfocus.com/archive/1/475450/30/5550/threaded
SUNALERT-201516
BID-25053
SECUNIA-26234
SECUNIA-26258
SECUNIA-26303
SECUNIA-26309
SECUNIA-26331
SECUNIA-26335
SECUNIA-26393
SECUNIA-26572
SECUNIA-27326
SECUNIA-27414
SECUNIA-28135
ADV-2007-4256
ADV-2008-0082
DSA-1344
DSA-1345
DSA-1346
DSA-1391
HPSBUX02153
HPSBUX02156
MDKSA-2007:152
MDVSA-2007:047
MDVSA-2008:047
SSA:2007-213-01
USN-493-1
USN-503-1
http://bugzilla.mozilla.org/show_bug.cgi?id=389580
http://www.mozilla.org/security/announce/2007/mfsa2007-27.html
https://bugzilla.mozilla.org/show_bug.cgi?id=389106
https://issues.rpath.com/browse/RPL-1600

CPE    4
cpe:/o:microsoft:windows_xp
cpe:/a:mozilla:firefox:2.0.0.5
cpe:/a:mozilla:seamonkey:1.1.3
cpe:/a:mozilla:thunderbird:2.0.0.5
...

© SecPod Technologies