CVE-2007-3845

Multiple Browsers - URI Handlers Command Injection

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."

Mozilla Firefox anterior a 2.0.0.6, Thunderbird anterior a 1.5.0.13 y 2.x anterior a 2.0.0.6, y SeaMonkey anterior a 1.1.4 permite a atacantes remotos ejecutar código de su elección mediante ciertos vectores asociados con el lanzamiento de "un programa de manejo de ficheros basado en la extensión del fichero al final del URI", una variante de CVE-2007-4041. El vendedor afirma que "todavía es posible lanzar un manipulador de tipo de fichero basado en la extensión en lugar de el manipulador de protocolo registrado".

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-07-18 CVE Reserved
2007-07-25 First Exploit
2007-08-08 CVE Published
2024-08-07 CVE Updated
2024-08-26 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (35)

URL	Tag	Source
http://bugzilla.mozilla.org/show_bug.cgi?id=389580	X_refsource_confirm
http://secunia.com/advisories/26234	Third Party Advisory
http://secunia.com/advisories/26258	Third Party Advisory
http://secunia.com/advisories/26303	Third Party Advisory
http://secunia.com/advisories/26309	Third Party Advisory
http://secunia.com/advisories/26331	Third Party Advisory
http://secunia.com/advisories/26335	Third Party Advisory
http://secunia.com/advisories/26393	Third Party Advisory
http://secunia.com/advisories/26572	Third Party Advisory
http://secunia.com/advisories/27326	Third Party Advisory
http://secunia.com/advisories/27414	Third Party Advisory
http://secunia.com/advisories/28135	Third Party Advisory
http://www.mozilla.org/security/announce/2007/mfsa2007-27.html	X_refsource_confirm
http://www.securityfocus.com/archive/1/475265/100/200/threaded	Mailing List
http://www.securityfocus.com/archive/1/475450/30/5550/threaded	Mailing List
http://www.securityfocus.com/bid/25053	Vdb Entry
http://www.vupen.com/english/advisories/2007/4256	Vdb Entry
http://www.vupen.com/english/advisories/2008/0082	Vdb Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=389106	X_refsource_confirm
https://issues.rpath.com/browse/RPL-1600	X_refsource_confirm

URL	Date	SRC
https://www.exploit-db.com/exploits/30381	2007-07-25

URL	Date	SRC

URL	Date	SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	2023-11-07
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579	2023-11-07
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.010101	2023-11-07
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1	2023-11-07
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1	2023-11-07
http://www.debian.org/security/2007/dsa-1344	2023-11-07
http://www.debian.org/security/2007/dsa-1345	2023-11-07
http://www.debian.org/security/2007/dsa-1346	2023-11-07
http://www.debian.org/security/2007/dsa-1391	2023-11-07
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152	2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2007:047	2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2008:047	2023-11-07
http://www.ubuntu.com/usn/usn-493-1	2023-11-07
http://www.ubuntu.com/usn/usn-503-1	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mozilla Search vendor "Mozilla"	Firefox Search vendor "Mozilla" for product "Firefox"	2.0.0.5 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.5"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	-	Safe
Mozilla Search vendor "Mozilla"	Seamonkey Search vendor "Mozilla" for product "Seamonkey"	1.1.3 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.3"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	-	Safe
Mozilla Search vendor "Mozilla"	Thunderbird Search vendor "Mozilla" for product "Thunderbird"	2.0.0.5 Search vendor "Mozilla" for product "Thunderbird" and version "2.0.0.5"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	-	Safe