6.8

CVE-2007-3285

Exploit

Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would.

Data is provided by the National Vulnerability Database (NVD)
MozillaFirefox Version <= 2.0.0.4
   MicrosoftWindows
MozillaFirefox Version0.8
   MicrosoftWindows
MozillaFirefox Version0.9
   MicrosoftWindows
MozillaFirefox Version0.9.1
   MicrosoftWindows
MozillaFirefox Version0.9.2
   MicrosoftWindows
MozillaFirefox Version0.9.3
   MicrosoftWindows
MozillaFirefox Version0.10
   MicrosoftWindows
MozillaFirefox Version0.10.1
   MicrosoftWindows
MozillaFirefox Version1.0
   MicrosoftWindows
MozillaFirefox Version1.0.1
   MicrosoftWindows
MozillaFirefox Version1.0.2
   MicrosoftWindows
MozillaFirefox Version1.0.3
   MicrosoftWindows
MozillaFirefox Version1.0.4
   MicrosoftWindows
MozillaFirefox Version1.0.5
   MicrosoftWindows
MozillaFirefox Version1.0.6
   MicrosoftWindows
MozillaFirefox Version1.0.7
   MicrosoftWindows
MozillaFirefox Version1.0.8
   MicrosoftWindows
MozillaFirefox Version1.5
   MicrosoftWindows
MozillaFirefox Version1.5.0.1
   MicrosoftWindows
MozillaFirefox Version1.5.0.2
   MicrosoftWindows
MozillaFirefox Version1.5.0.3
   MicrosoftWindows
MozillaFirefox Version1.5.0.4
   MicrosoftWindows
MozillaFirefox Version1.5.0.5
   MicrosoftWindows
MozillaFirefox Version1.5.0.6
   MicrosoftWindows
MozillaFirefox Version1.5.0.7
   MicrosoftWindows
MozillaFirefox Version1.5.0.8
   MicrosoftWindows
MozillaFirefox Version1.5.0.9
   MicrosoftWindows
MozillaFirefox Version1.5.0.10
   MicrosoftWindows
MozillaFirefox Version1.5.0.11
   MicrosoftWindows
MozillaFirefox Version1.5.1
   MicrosoftWindows
MozillaFirefox Version1.5.2
   MicrosoftWindows
MozillaFirefox Version1.5.3
   MicrosoftWindows
MozillaFirefox Version1.5.4
   MicrosoftWindows
MozillaFirefox Version1.5.5
   MicrosoftWindows
MozillaFirefox Version1.5.6
   MicrosoftWindows
MozillaFirefox Version1.5.7
   MicrosoftWindows
MozillaFirefox Version1.5.8
   MicrosoftWindows
MozillaFirefox Version2.0
   MicrosoftWindows
MozillaFirefox Version2.0 Updatebeta1
   MicrosoftWindows
MozillaFirefox Version2.0 Updaterc2
   MicrosoftWindows
MozillaFirefox Version2.0 Updaterc3
   MicrosoftWindows
MozillaFirefox Version2.0.0.1
   MicrosoftWindows
MozillaFirefox Version2.0.0.2
   MicrosoftWindows
MozillaFirefox Version2.0.0.3
   MicrosoftWindows
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.88% 0.825
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P