[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-4841Date: (C)2007-09-12   (M)2023-12-22


Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
BID-25543
SECUNIA-27311
SECUNIA-27315
SECUNIA-27360
SECUNIA-27414
SECUNIA-27744
SECUNIA-28363
SECUNIA-28398
ADV-2007-3544
ADV-2008-0082
ADV-2008-0083
HPSBUX02156
MDKSA-2007:202
SSA:2007-324-01
SSRT061181
http://www.mozilla.org/security/announce/2007/mfsa2007-36.html
http://xs-sniper.com/blog/2007/09/01/firefox-file-handling-woes/

CPE    3
cpe:/a:mozilla:thunderbird
cpe:/a:mozilla:seamonkey
cpe:/a:mozilla:firefox
CWE    1
CWE-20

© SecPod Technologies