CVE-2007-3845

Mozilla Firefox <2.0.0.6, Thunderbird <1.5.0.13 & 2.x <2.0.0.6, Sea...

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3845. PoCs published by Billy Rios.

AI-analyzed exploit summary: This exploit leverages URI protocol handlers in multiple browsers to execute arbitrary commands via crafted URIs. It demonstrates command injection through handlers like 'mailto:', 'nntp:', and others to spawn processes like 'cmd.exe' or 'calc.exe'.

Description

Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."

Exploits (1)

exploitdb WORKING POC VERIFIED
by Billy Rios · text · remote · windows
https://www.exploit-db.com/exploits/30381

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Mozilla Firefox 2.0.0.5, 3.0a6, Netscape Navigator 9, and potentially other browsers
No auth needed
Prerequisites: Victim interaction required to click a malicious URI link
devstral-2 · analyzed Feb 16, 2026

References (34)

Core References
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-1600
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-503-1
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:047
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27414
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26393
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26303
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4256
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25053
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26309
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1345
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1391
Issue Tracking x_refsource_confirm
http://bugzilla.mozilla.org/show_bug.cgi?id=389580
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1346
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=389106
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2007:047
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28135
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0082
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-493-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26234
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1344
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26258
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27326
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26331
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/475265/100/200/threaded
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/475450/30/5550/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26335
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26572

Scores

EPSS 0.0570
EPSS Percentile 92.0%

Details

Status published
Products (3)
mozilla/firefox 2.0.0.5
mozilla/seamonkey 1.1.3
mozilla/thunderbird 2.0.0.5
Published Aug 08, 2007
Tracked Since Feb 18, 2026