Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mozillaMozilla FoundationMFSA2007-36
HistoryOct 18, 2007 - 12:00 a.m.

URIs with invalid %-encoding mishandled by Windows — Mozilla

2007-10-1800:00:00
Mozilla Foundation
www.mozilla.org
14

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.015 Low

EPSS

Percentile

86.7%

JSON

On Windows XP with Internet Explorer 7 installed several “web related” URI schemes do not launch the registered protocol-handler if the URI contains an invalid %-encoded sequence. This was initially reported by Billy Rios and Nate McFeters with additional investigation by Secunia. A patch that mitigated the known exploits was shipped with Firefox 2.0.0.6 as described at MFSA 2007-27.

Related

securityvulns 2
openvas 9
cve 1
prion 1
nessus 10
slackware 1
ubuntucve 1
suse 1
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2007-36
2007-10-23 00:00:00
Mozilla Firefox /Thunderbird / Seamonkey multiple security vulnerabilities
2007-10-23 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2007-324-01)
2012-09-10 00:00:00
Slackware Advisory SSA:2007-324-01 mozilla-thunderbird
2012-09-11 00:00:00
Mandriva Update for mozilla-firefox MDKSA-2007:202 (mozilla-firefox)
2009-04-09 00:00:00
cve
cve
CVE-2007-4841
2007-09-12 20:17:00
prion
prion
Input validation
2007-09-12 20:17:00
nessus
nessus
Slackware 10.2 / 11.0 / 12.0 / current : mozilla-thunderbird (SSA:2007-324-01)
2007-11-26 00:00:00
Mozilla Thunderbird < 2.0.0.9 Multiple Vulnerabilities
2007-11-16 00:00:00
SeaMonkey < 1.1.5 Multiple Vulnerabilities
2007-10-24 00:00:00
slackware
slackware
[slackware-security] mozilla-thunderbird
2007-11-21 00:24:34
ubuntucve
ubuntucve
CVE-2007-4841
2007-09-12 00:00:00
suse
suse
remote code execution in MozillaFirefox,mozilla,seamonkey
2007-10-25 18:13:14

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.015 Low

EPSS

Percentile

86.7%

JSON
Related for MFSA2007-36
securityvulns2openvas9cve1prion1nessus10slackware1ubuntucve1suse1