Vulnerability Details : CVE-2007-3845
Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."
Products affected by CVE-2007-3845
- cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*When used together with: Microsoft » Windows Xp
- cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*When used together with: Microsoft » Windows Xp
- cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*When used together with: Microsoft » Windows Xp
Exploit prediction scoring system (EPSS) score for CVE-2007-3845
43.24%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-3845
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
Vendor statements for CVE-2007-3845
-
Red Hat 2007-10-10Not vulnerable. This issue does not affect the versions of Firefox or Thunderbird as shipped with Red Hat Enterprise Linux.
References for CVE-2007-3845
-
http://www.securityfocus.com/archive/1/475265/100/200/threaded
-
http://secunia.com/advisories/27414
-
http://secunia.com/advisories/28135
-
http://www.mozilla.org/security/announce/2007/mfsa2007-27.html
-
http://secunia.com/advisories/26393
-
http://secunia.com/advisories/26303
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
-
http://secunia.com/advisories/26309
-
http://www.debian.org/security/2007/dsa-1346
-
http://www.securityfocus.com/archive/1/475450/30/5550/threaded
-
http://www.vupen.com/english/advisories/2008/0082
Site en construction
-
https://bugzilla.mozilla.org/show_bug.cgi?id=389106
-
http://www.debian.org/security/2007/dsa-1391
-
http://www.ubuntu.com/usn/usn-503-1
-
http://secunia.com/advisories/26234
-
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:047
-
http://bugzilla.mozilla.org/show_bug.cgi?id=389580
-
http://secunia.com/advisories/26572
-
http://secunia.com/advisories/27326
-
http://secunia.com/advisories/26258
-
http://www.vupen.com/english/advisories/2007/4256
-
http://secunia.com/advisories/26331
-
http://www.securityfocus.com/bid/25053
-
https://issues.rpath.com/browse/RPL-1600
-
http://www.ubuntu.com/usn/usn-493-1
-
http://www.debian.org/security/2007/dsa-1345
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
-
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
-
http://www.mandriva.com/security/advisories?name=MDVSA-2007:047
-
http://www.debian.org/security/2007/dsa-1344
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.010101
-
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
-
http://secunia.com/advisories/26335
Jump to