CVE-2007-3845

Mozilla Firefox <2.0.0.6, Thunderbird <1.5.0.13 & 2.x <2.0.0.6, Sea...

Title source: llm

Description

Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."

Exploits (1)

exploitdb WORKING POC VERIFIED
by Billy Rios · text · remote · windows
https://www.exploit-db.com/exploits/30381

References (34)

Core References
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-1600
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-503-1
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:047
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27414
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26393
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26303
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4256
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25053
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26309
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1345
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1391
Issue Tracking x_refsource_confirm
http://bugzilla.mozilla.org/show_bug.cgi?id=389580
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1346
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=389106
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2007:047
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28135
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0082
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-493-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26234
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1344
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26258
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27326
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26331
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/475265/100/200/threaded
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/475450/30/5550/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26335
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26572

Scores

EPSS 0.4411
EPSS Percentile 97.6%

Details

Status published
Products (3)
mozilla/firefox 2.0.0.5
mozilla/seamonkey 1.1.3
mozilla/thunderbird 2.0.0.5
Published Aug 08, 2007
Tracked Since Feb 18, 2026