9.3

CVE-2007-3845

Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041.  NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version2.0.0.5
MozillaSeamonkey Version1.1.3
MozillaThunderbird Version2.0.0.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.7% 0.92
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://secunia.com/advisories/27414
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
http://www.vupen.com/english/advisories/2008/0082
http://secunia.com/advisories/26258
http://secunia.com/advisories/28135
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
http://www.vupen.com/english/advisories/2007/4256
http://secunia.com/advisories/26572
http://www.ubuntu.com/usn/usn-503-1
http://secunia.com/advisories/27326
http://www.debian.org/security/2007/dsa-1391
http://www.mandriva.com/security/advisories?name=MDVSA-2007:047
http://www.mandriva.com/security/advisories?name=MDVSA-2008:047
http://www.securityfocus.com/bid/25053
https://bugzilla.mozilla.org/show_bug.cgi?id=389106
http://secunia.com/advisories/26234
http://secunia.com/advisories/26303
http://secunia.com/advisories/26309
http://secunia.com/advisories/26331
http://secunia.com/advisories/26335
http://secunia.com/advisories/26393
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.010101
http://www.debian.org/security/2007/dsa-1344
http://www.debian.org/security/2007/dsa-1345
http://www.debian.org/security/2007/dsa-1346
http://www.securityfocus.com/archive/1/475265/100/200/threaded
http://www.securityfocus.com/archive/1/475450/30/5550/threaded
http://www.ubuntu.com/usn/usn-493-1
https://issues.rpath.com/browse/RPL-1600
http://bugzilla.mozilla.org/show_bug.cgi?id=389580
http://www.mozilla.org/security/announce/2007/mfsa2007-27.html