CVE-2007-4841

Mozilla Firefox/Thunderbird < 2.0.0.8, SeaMonkey < 1.1.5 - Remote Command Execution

Title source: llm
STIX 2.1

Description

Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.

References (17)

Core 17
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25543
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3544
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0083
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0082
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28398
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27414
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27360
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27315
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27744
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27311
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28363

Scores

EPSS 0.0265
EPSS Percentile 83.9%

Details

CWE
CWE-20
Status published
Products (3)
mozilla/firefox < 2.0.0.8
mozilla/seamonkey < 1.1.5
mozilla/thunderbird < 2.0.0.8
Published Sep 12, 2007
Tracked Since Feb 18, 2026