CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
97.7%
Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when
running on systems with Thunderbird 1.5 installed and certain URIs
registered, allows remote attackers to conduct cross-browser scripting
attacks and execute arbitrary commands via shell metacharacters in a mailto
URI, which are inserted into the command line that is created when invoking
Thunderbird.exe, a similar issue to CVE-2007-3670.
Author | Note |
---|---|
jdstrand | apparently requires thunderbird 1.5 to be installed to exploit per https://bugzilla.mozilla.org/attachment.cgi?id=278375, Windows only |