Lucene search

K

[email protected]NVD:CVE-2007-3845

HistoryAug 08, 2007 - 1:17 a.m.

CVE-2007-3845

2007-08-0801:17:00

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.957 High

EPSS

Percentile

99.4%

Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching “a file handling program based on the file extension at the end of the URI,” a variant of CVE-2007-4041. NOTE: the vendor states that “it is still possible to launch a filetype handler based on extension rather than the registered protocol handler.”

Affected configurations

NVD

Node

microsoftwindows_xp

AND

mozillafirefoxMatch2.0.0.5

OR

mozillaseamonkeyMatch1.1.3

OR

mozillathunderbirdMatch2.0.0.5

References

bugzilla.mozilla.org/show_bug.cgi?id=389580

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579

secunia.com/advisories/26234

secunia.com/advisories/26258

secunia.com/advisories/26303

secunia.com/advisories/26309

secunia.com/advisories/26331

secunia.com/advisories/26335

secunia.com/advisories/26393

secunia.com/advisories/26572

secunia.com/advisories/27326

secunia.com/advisories/27414

secunia.com/advisories/28135

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.010101

sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1

sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

www.debian.org/security/2007/dsa-1344

www.debian.org/security/2007/dsa-1345

www.debian.org/security/2007/dsa-1346

www.debian.org/security/2007/dsa-1391

www.mandriva.com/security/advisories?name=MDKSA-2007:152

www.mandriva.com/security/advisories?name=MDVSA-2007:047

www.mandriva.com/security/advisories?name=MDVSA-2008:047

www.mozilla.org/security/announce/2007/mfsa2007-27.html

www.securityfocus.com/archive/1/475265/100/200/threaded

www.securityfocus.com/archive/1/475450/30/5550/threaded

www.securityfocus.com/bid/25053

www.ubuntu.com/usn/usn-493-1

www.ubuntu.com/usn/usn-503-1

www.vupen.com/english/advisories/2007/4256

www.vupen.com/english/advisories/2008/0082

bugzilla.mozilla.org/show_bug.cgi?id=389106

issues.rpath.com/browse/RPL-1600

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.957 High

EPSS

Percentile

99.4%

Related for NVD:CVE-2007-3845

ubuntucve2 checkpoint_advisories1 prion4 cve4 cvelist4 nessus17 openvas23 osv4 mozilla1 cert1 securityvulns2 nvd3 debian4 ubuntu2 redhatcve1 suse1