9.3

CVE-2007-3845

EPSS 43.24%
Published 08.08.2007 01:17:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041.  NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."

Affected products Warnungen 0 Metrics 2 CWE 0 References 37

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version2.0.0.5

Microsoft ≫ Windows Xp

Mozilla ≫ Seamonkey Version1.1.3

Microsoft ≫ Windows Xp

Mozilla ≫ Thunderbird Version2.0.0.5

Microsoft ≫ Windows Xp

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	43.24%	0.972

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

http://secunia.com/advisories/27414

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579

http://www.vupen.com/english/advisories/2008/0082

http://secunia.com/advisories/26258

http://secunia.com/advisories/28135

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1

http://www.mandriva.com/security/advisories?name=MDKSA-2007:152

http://www.vupen.com/english/advisories/2007/4256

http://secunia.com/advisories/26572

http://www.ubuntu.com/usn/usn-503-1

http://secunia.com/advisories/27326

http://www.debian.org/security/2007/dsa-1391

http://www.mandriva.com/security/advisories?name=MDVSA-2007:047

http://www.mandriva.com/security/advisories?name=MDVSA-2008:047

http://www.securityfocus.com/bid/25053

https://bugzilla.mozilla.org/show_bug.cgi?id=389106

http://secunia.com/advisories/26234

http://secunia.com/advisories/26303

http://secunia.com/advisories/26309

http://secunia.com/advisories/26331

http://secunia.com/advisories/26335

http://secunia.com/advisories/26393

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.010101

http://www.debian.org/security/2007/dsa-1344

http://www.debian.org/security/2007/dsa-1345

http://www.debian.org/security/2007/dsa-1346

http://www.securityfocus.com/archive/1/475265/100/200/threaded

http://www.securityfocus.com/archive/1/475450/30/5550/threaded

http://www.ubuntu.com/usn/usn-493-1

https://issues.rpath.com/browse/RPL-1600

http://bugzilla.mozilla.org/show_bug.cgi?id=389580

http://www.mozilla.org/security/announce/2007/mfsa2007-27.html

https://nvd.nist.gov/vuln/detail/CVE-2007-3845

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3845

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3845

EUVD