
CVE-2007-3670

Microsoft Internet Explorer and Mozilla Firefox - URI Handler Command Injection

Severity Score: 4.3 (CVSS v2)
Exploit Likelihood: - (EPSS)
Affected Versions: see CPE list below
Public Exploits: 1 (multiple sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Description

Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
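
The mechanism the description outlines, as an added example that is not part of the original advisory: a protocol handler template of the kind Firefox registered for FirefoxURL, the verbatim substitution of the URI into `%1` that IE performed, and a minimal model of how Windows splits a command line into argv. The template string, the `EXPECTED_ARGC` constant, and the percent-encoding builder are illustration-only assumptions; the "hardened" builder is not Mozilla's or Microsoft's actual fix, it only shows what a delimiting step has to achieve, namely that the URI can never close the quoted argument it was placed in.

```python
import re

# Constructed approximation of HKCR\FirefoxURL\shell\open\command as
# registered by Firefox 2.0.0.4 on Windows (assumption: path and option
# order may differ from a real 2007 install).
HANDLER_TEMPLATE = (
    '"C:\\Program Files\\Mozilla Firefox\\firefox.exe" -url "%1" -requestPending'
)
EXPECTED_ARGC = 4  # firefox.exe, -url, <uri>, -requestPending


def build_command_line_vulnerable(uri: str) -> str:
    """Substitute %1 verbatim: the URI is pasted inside the quotes unchanged,
    so a '"' in the URI ends the argument and anything after it is parsed
    as further firefox.exe options (the behaviour the CVE describes)."""
    return HANDLER_TEMPLATE.replace("%1", uri)


def build_command_line_hardened(uri: str) -> str:
    """Illustrative mitigation (assumption, not the vendors' patch): percent-
    encode quotes, whitespace and control characters before substitution, so
    the URI cannot break out of the quoted argument. Encoding is lossless for
    a URI consumer, which will decode %22 back to '"' after parsing."""
    safe = re.sub(r'["\s\x00-\x1f]', lambda m: "%%%02X" % ord(m.group(0)), uri)
    return HANDLER_TEMPLATE.replace("%1", safe)


def split_windows_argv(cmdline: str) -> list:
    """Minimal model of the MS C runtime / CommandLineToArgvW rules:
    whitespace separates arguments unless inside double quotes; 2n backslashes
    before a quote become n backslashes plus a quote toggle; 2n+1 backslashes
    before a quote become n backslashes plus a literal quote; backslashes not
    followed by a quote are literal."""
    args, cur, in_quotes, have_arg = [], [], False, False
    i, n = 0, len(cmdline)
    while i < n:
        c = cmdline[i]
        if c == "\\":
            j = i
            while j < n and cmdline[j] == "\\":
                j += 1
            nbs = j - i
            if j < n and cmdline[j] == '"':
                cur.append("\\" * (nbs // 2))
                if nbs % 2 == 1:
                    cur.append('"')          # escaped literal quote
                else:
                    in_quotes = not in_quotes
                i = j + 1
            else:
                cur.append("\\" * nbs)
                i = j
            have_arg = True
        elif c == '"':
            in_quotes = not in_quotes
            have_arg = True
            i += 1
        elif c in " \t" and not in_quotes:
            if have_arg:
                args.append("".join(cur))
                cur, have_arg = [], False
            i += 1
        else:
            cur.append(c)
            have_arg = True
            i += 1
    if have_arg:
        args.append("".join(cur))
    return args


def argv_seen_by_firefox(uri: str, hardened: bool = False) -> list:
    """argv firefox.exe would receive for a given URI under each builder."""
    builder = build_command_line_hardened if hardened else build_command_line_vulnerable
    return split_windows_argv(builder(uri))


def is_argument_injection(uri: str, hardened: bool = False) -> bool:
    """True when the URI produced more arguments than the template intends."""
    return len(argv_seen_by_firefox(uri, hardened)) != EXPECTED_ARGC


if __name__ == "__main__":
    # Constructed URI in the shape of the public PoC: a quote closes the
    # -url argument, then -chrome smuggles in a privileged javascript: URL.
    poc = 'firefoxurl://x" -chrome "javascript:alert(1)'
    for hardened in (False, True):
        print("hardened" if hardened else "vulnerable", argv_seen_by_firefox(poc, hardened))
```

Run it and compare the two argv lists: the vulnerable builder hands firefox.exe a separate `-chrome` option followed by a `javascript:` URL, which is exactly the cross-browser code execution the advisory describes, while the encoded URI stays a single argument. The same check applies to any other handler in HKCR whose command line wraps `%1` in quotes: quoting alone is not delimiting if the caller never neutralises quotes inside the value.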


*Credits: N/A
CVSS Scores
CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector: Network
Attack Complexity: Medium
Authentication: None
Confidentiality: None
Integrity: Partial
Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2007-07-10 CVE Reserved
  • 2007-07-10 CVE Published
  • 2007-07-10 First Exploit
  • 2024-08-07 CVE Updated
  • 2024-10-13 EPSS Updated
  • Exploited in Wild: not recorded
  • KEV Due Date: not applicable (not in KEV)
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (as catalogued; the weakness the description actually details, unneutralised delimiters in a command line, is CWE-88: Argument Injection)
CAPEC
  • none listed
References (40)
URL | Tag
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt | Confirm
http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html | Mailing List
http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows | Misc
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565 | Third Party Advisory
http://larholm.com/2007/07/10/internet-explorer-0day-exploit | Misc
http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx | Misc
http://osvdb.org/38017 | VDB Entry
http://secunia.com/advisories/28179 | Third Party Advisory
http://secunia.com/advisories/28363 | Third Party Advisory
http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html | Confirm
http://www.kb.cert.org/vuls/id/358017 | Third Party Advisory
http://www.mozilla.org/security/announce/2007/mfsa2007-23.html | Confirm
http://www.mozilla.org/security/announce/2007/mfsa2007-40.html | Confirm
http://www.securityfocus.com/archive/1/473276/100/0/threaded | Mailing List
http://www.securityfocus.com/bid/24837 | VDB Entry
http://www.securitytracker.com/id?1018351 | VDB Entry
http://www.securitytracker.com/id?1018360 | VDB Entry
http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln | Misc
http://www.us-cert.gov/cas/techalerts/TA07-199A.html | Third Party Advisory
http://www.virusbtn.com/news/virus_news/2007/07_11.xml | Misc
http://www.vupen.com/english/advisories/2007/2473 | VDB Entry
http://www.vupen.com/english/advisories/2007/2565 | VDB Entry
http://www.vupen.com/english/advisories/2007/4272 | VDB Entry
http://www.vupen.com/english/advisories/2008/0082 | VDB Entry
http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html | Misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/35346 | VDB Entry
Affected Vendors, Products, and Versions
Vendor    | Product           | Version | Other | Status
Microsoft | Internet Explorer | 6       | -     | Affected
Microsoft | Internet Explorer | 6       | sp1   | Affected
Microsoft | Internet Explorer | 7.0     | -     | Affected
Microsoft | Internet Explorer | 7.0     | beta1 | Affected
Microsoft | Internet Explorer | 7.0     | beta2 | Affected
Microsoft | Internet Explorer | 7.0     | beta3 | Affected
Mozilla   | Firefox           | *       | -     | Affected