9.3

CVE-2007-4841

Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version <= 2.0.0.8
MozillaSeamonkey Version <= 1.1.5
MozillaThunderbird Version <= 2.0.0.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.65% 0.836
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.vupen.com/english/advisories/2008/0083
Vendor Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://secunia.com/advisories/27414
Vendor Advisory
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
http://www.vupen.com/english/advisories/2007/3544
Vendor Advisory
http://secunia.com/advisories/27311
Vendor Advisory
http://secunia.com/advisories/27315
Vendor Advisory
http://secunia.com/advisories/27360
Vendor Advisory
http://secunia.com/advisories/28398
Vendor Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
http://www.vupen.com/english/advisories/2008/0082
Vendor Advisory
http://secunia.com/advisories/28363
Vendor Advisory
http://secunia.com/advisories/27744
Vendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.471007
http://www.mozilla.org/security/announce/2007/mfsa2007-36.html
http://www.securityfocus.com/bid/25543
http://xs-sniper.com/blog/2007/09/01/firefox-file-handling-woes/