ID CVE-2007-3845
Summary Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 13-02-2023 - 02:18)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 25053
bugtraq
  • 20070801 FLEA-2007-0039-1 firefox
  • 20070803 FLEA-2007-0040-1 thunderbird
confirm
debian
  • DSA-1344
  • DSA-1345
  • DSA-1346
  • DSA-1391
hp
  • HPSBUX02153
  • HPSBUX02156
  • SSRT061181
  • SSRT061236
mandriva
  • MDKSA-2007:152
  • MDVSA-2007:047
  • MDVSA-2008:047
secunia
  • 26234
  • 26258
  • 26303
  • 26309
  • 26331
  • 26335
  • 26393
  • 26572
  • 27326
  • 27414
  • 28135
slackware SSA:2007-213-01
sunalert
  • 103177
  • 201516
ubuntu
  • USN-493-1
  • USN-503-1
vupen
  • ADV-2007-4256
  • ADV-2008-0082
statements via4
contributor Joshua Bressers
lastmodified 2007-10-10
organization Red Hat
statement Not vulnerable. This issue does not affect the versions of Firefox or Thunderbird as shipped with Red Hat Enterprise Linux.
Last major update 13-02-2023 - 02:18
Published 08-08-2007 - 01:17
Last modified 13-02-2023 - 02:18