9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.015 Low
EPSS
Percentile
86.7%
Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey
before 1.1.5 allows remote attackers to execute arbitrary commands via a
(1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid “%” encoding,
related to improper file type handling on Windows XP with Internet Explorer
7 installed, a variant of CVE-2007-3845.
Author | Note |
---|---|
jdstrand | unspecified vulnerability |
kees | Windows-only. |