CVE-2007-4841

high

Description

Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.

References

http://xs-sniper.com/blog/2007/09/01/firefox-file-handling-woes/

http://www.vupen.com/english/advisories/2008/0083

http://www.vupen.com/english/advisories/2008/0082

http://www.vupen.com/english/advisories/2007/3544

http://www.securityfocus.com/bid/25543

http://www.mozilla.org/security/announce/2007/mfsa2007-36.html

http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.471007

http://secunia.com/advisories/28398

http://secunia.com/advisories/28363

http://secunia.com/advisories/27744

http://secunia.com/advisories/27414

http://secunia.com/advisories/27360

http://secunia.com/advisories/27315

http://secunia.com/advisories/27311

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Details

Source: Mitre, NVD

Published: 2007-09-12

Updated: 2019-10-09

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High