CVE-2007-3845

Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."
References
http://bugzilla.mozilla.org/show_bug.cgi?id=389580
http://www.mozilla.org/security/announce/2007/mfsa2007-27.html
https://issues.rpath.com/browse/RPL-1600
http://www.debian.org/security/2007/dsa-1344
http://www.debian.org/security/2007/dsa-1345
http://www.debian.org/security/2007/dsa-1346
http://www.debian.org/security/2007/dsa-1391
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.010101
http://www.ubuntu.com/usn/usn-493-1
http://www.ubuntu.com/usn/usn-503-1
http://secunia.com/advisories/26234
http://secunia.com/advisories/26258
http://secunia.com/advisories/26309
http://secunia.com/advisories/26331
http://secunia.com/advisories/26335
http://secunia.com/advisories/26303
http://secunia.com/advisories/26393
http://secunia.com/advisories/26572
http://secunia.com/advisories/27326
http://secunia.com/advisories/27414
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
http://secunia.com/advisories/28135
https://bugzilla.mozilla.org/show_bug.cgi?id=389106
http://www.mandriva.com/security/advisories?name=MDVSA-2007:047
http://www.securityfocus.com/bid/25053
http://www.mandriva.com/security/advisories?name=MDVSA-2008:047
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
http://www.vupen.com/english/advisories/2007/4256
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://www.vupen.com/english/advisories/2008/0082
http://www.securityfocus.com/archive/1/475450/30/5550/threaded
http://www.securityfocus.com/archive/1/475265/100/200/threaded

Information

Published : 2007-08-08 01:17

Updated : 2023-02-13 02:18


NVD link : CVE-2007-3845

Mitre link : CVE-2007-3845
