PT-2007-5080 · Mozilla+1 · Firefox+3
Published
2007-08-08
·
Updated
2023-02-13
·
CVE-2007-3845
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Mozilla Firefox versions prior to 2.0.0.6
Thunderbird versions prior to 1.5.0.13 and 2.x prior to 2.0.0.6
SeaMonkey versions prior to 1.1.4
Description:
The issue allows remote attackers to execute arbitrary commands via certain vectors associated with launching a file handling program based on the file extension at the end of the URI. It is still possible to launch a filetype handler based on extension rather than the registered protocol handler.
Recommendations:
For Mozilla Firefox versions prior to 2.0.0.6, update to version 2.0.0.6 or later.
For Thunderbird versions prior to 1.5.0.13, update to version 1.5.0.13 or later.
For Thunderbird 2.x versions prior to 2.0.0.6, update to version 2.0.0.6 or later.
For SeaMonkey versions prior to 1.1.4, update to version 1.1.4 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Hp-Ux
Firefox
Seamonkey
Thunderbird