CVE-2007-4841
Mozilla Firefox/Thunderbird < 2.0.0.8, SeaMonkey < 1.1.5 - Remote Command Execution
Title source: llmDescription
Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.
References (17)
Core 17
Core References
Various Sources x_refsource_confirm
http://www.mozilla.org/security/announce/2007/mfsa2007-36.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25543
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3544
Vendor Advisory vendor-advisory
x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.471007
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0083
Various Sources x_refsource_misc
http://xs-sniper.com/blog/2007/09/01/firefox-file-handling-woes/
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0082
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28398
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27414
Vendor Advisory vendor-advisory
x_refsource_hp
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27360
Vendor Advisory vendor-advisory
x_refsource_hp
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27315
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27744
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27311
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28363
Scores
EPSS
0.0265
EPSS Percentile
83.9%
Details
CWE
CWE-20
Status
published
Products (3)
mozilla/firefox
< 2.0.0.8
mozilla/seamonkey
< 1.1.5
mozilla/thunderbird
< 2.0.0.8
Published
Sep 12, 2007
Tracked Since
Feb 18, 2026