6.8

CVE-2007-3285

Exploit
Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version <= 2.0.0.4
   MicrosoftWindows
MozillaFirefox Version0.8
   MicrosoftWindows
MozillaFirefox Version0.9
   MicrosoftWindows
MozillaFirefox Version0.9.1
   MicrosoftWindows
MozillaFirefox Version0.9.2
   MicrosoftWindows
MozillaFirefox Version0.9.3
   MicrosoftWindows
MozillaFirefox Version0.10
   MicrosoftWindows
MozillaFirefox Version0.10.1
   MicrosoftWindows
MozillaFirefox Version1.0
   MicrosoftWindows
MozillaFirefox Version1.0.1
   MicrosoftWindows
MozillaFirefox Version1.0.2
   MicrosoftWindows
MozillaFirefox Version1.0.3
   MicrosoftWindows
MozillaFirefox Version1.0.4
   MicrosoftWindows
MozillaFirefox Version1.0.5
   MicrosoftWindows
MozillaFirefox Version1.0.6
   MicrosoftWindows
MozillaFirefox Version1.0.7
   MicrosoftWindows
MozillaFirefox Version1.0.8
   MicrosoftWindows
MozillaFirefox Version1.5
   MicrosoftWindows
MozillaFirefox Version1.5.0.1
   MicrosoftWindows
MozillaFirefox Version1.5.0.2
   MicrosoftWindows
MozillaFirefox Version1.5.0.3
   MicrosoftWindows
MozillaFirefox Version1.5.0.4
   MicrosoftWindows
MozillaFirefox Version1.5.0.5
   MicrosoftWindows
MozillaFirefox Version1.5.0.6
   MicrosoftWindows
MozillaFirefox Version1.5.0.7
   MicrosoftWindows
MozillaFirefox Version1.5.0.8
   MicrosoftWindows
MozillaFirefox Version1.5.0.9
   MicrosoftWindows
MozillaFirefox Version1.5.0.10
   MicrosoftWindows
MozillaFirefox Version1.5.0.11
   MicrosoftWindows
MozillaFirefox Version1.5.1
   MicrosoftWindows
MozillaFirefox Version1.5.2
   MicrosoftWindows
MozillaFirefox Version1.5.3
   MicrosoftWindows
MozillaFirefox Version1.5.4
   MicrosoftWindows
MozillaFirefox Version1.5.5
   MicrosoftWindows
MozillaFirefox Version1.5.6
   MicrosoftWindows
MozillaFirefox Version1.5.7
   MicrosoftWindows
MozillaFirefox Version1.5.8
   MicrosoftWindows
MozillaFirefox Version2.0
   MicrosoftWindows
MozillaFirefox Version2.0 Updatebeta1
   MicrosoftWindows
MozillaFirefox Version2.0 Updaterc2
   MicrosoftWindows
MozillaFirefox Version2.0 Updaterc3
   MicrosoftWindows
MozillaFirefox Version2.0.0.1
   MicrosoftWindows
MozillaFirefox Version2.0.0.2
   MicrosoftWindows
MozillaFirefox Version2.0.0.3
   MicrosoftWindows
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.75% 0.749
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt
http://secunia.com/advisories/26072
Vendor Advisory
http://secunia.com/advisories/26149
Vendor Advisory
http://secunia.com/advisories/26204
Vendor Advisory
http://secunia.com/advisories/26216
Vendor Advisory
http://secunia.com/advisories/26258
Vendor Advisory
http://secunia.com/advisories/26271
Vendor Advisory
http://secunia.com/advisories/28135
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
http://www.novell.com/linux/security/advisories/2007_49_mozilla.html
http://www.ubuntu.com/usn/usn-490-1
http://www.vupen.com/english/advisories/2007/4256
Vendor Advisory
http://osvdb.org/38032
http://www.0x000000.com/?i=333
http://www.mozilla.org/security/announce/2007/mfsa2007-22.html
http://www.securityfocus.com/bid/24447
Exploit
http://www.securitytracker.com/id?1018413
https://bugzilla.mozilla.org/show_bug.cgi?id=383478