
CVE-2007-3845

Published: 08/08/2007 Updated: 07/11/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Mozilla Firefox prior to 2.0.0.6, Thunderbird prior to 1.5.0.13 and 2.x prior to 2.0.0.6, and SeaMonkey prior to 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler." In other words, the fix percent-encodes the URI before handing it to the external program, but the operating system may still choose the handler from the trailing extension instead of from the URI scheme.
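
The following is an added example, not code from this page, from Mozilla or from the Firefox 2.0.0.6 patch. It models in Python the two dispatch paths the summary and MFSA 2007-27 contrast: the vulnerable one, where the program to run is chosen from the file extension at the end of the string, and a hardened one, where the scheme is checked against an allowlist, the URI is percent-encoded before it reaches any shell-like API, and a decoded tail that names an executable is refused. The scheme allowlist, the executable-extension set, the regular expressions and the sample URIs are all assumptions constructed for the example.

```python
"""Added example: scheme-based dispatch with percent-encoding, next to the
extension-based dispatch the vendor note warns about. Constructed model,
not Mozilla or Windows code."""
import re
from urllib.parse import quote, unquote

# Assumed allowlist of schemes this (hypothetical) browser hands to an
# external program.
EXTERNAL_SCHEMES = {"mailto", "news", "nntp", "snews"}

# Assumed set of extensions a Windows shell-style lookup treats as "run this".
# ".com" is deliberately left out: it collides with the TLD in every
# "user@example.com" address, so a tail check alone cannot be the defence.
EXECUTABLE_EXTENSIONS = {"exe", "bat", "cmd", "pif", "scr"}

_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")
_EXT_RE = re.compile(r"\.([A-Za-z0-9]{1,4})$")

# Characters that may stay unencoded: RFC 3986 reserved/unreserved set minus
# the quotes and spaces that let a shell-style launcher split arguments.
# A '%' is kept only after bare '%' has been turned into '%25'.
_SAFE = ":/?#[]@!$&()*+,;=-._~%"


def scheme_of(uri):
    """Return the lowercase scheme of `uri`, or None if it has none."""
    m = _SCHEME_RE.match(uri)
    return m.group(1).lower() if m else None


def extension_of(uri):
    """Extension at the very end of the percent-decoded string, or None.

    Decoding first matters: 'x%2Eexe' is 'x.exe' to whatever finally opens
    the string. Trailing quotes and spaces are stripped the way a shell-style
    launcher would ignore them."""
    m = _EXT_RE.search(unquote(uri).rstrip("\"' "))
    return m.group(1).lower() if m else None


def handler_by_extension(uri):
    """Vulnerable dispatch: pick the handler from the trailing extension and
    fall back to the scheme only if the tail is not executable."""
    if extension_of(uri) in EXECUTABLE_EXTENSIONS:
        return "executable"
    return "protocol:" + (scheme_of(uri) or "unknown")


def escape_for_external(uri):
    """Hardened path: allowlist the scheme, refuse an executable tail, and
    percent-encode quotes, spaces, control bytes and bare '%' so the string
    cannot be re-split into arguments by the receiving program.

    Returns the encoded URI; raises ValueError when the URI must not be
    passed on at all."""
    scheme = scheme_of(uri)
    if scheme not in EXTERNAL_SCHEMES:
        raise ValueError(f"scheme not allowed for external handler: {scheme!r}")
    ext = extension_of(uri)
    if ext in EXECUTABLE_EXTENSIONS:
        raise ValueError(f"URI tail names an executable: .{ext}")
    body = uri[len(scheme) + 1:]
    # A '%' not followed by two hex digits is data, not an escape: encode it
    # so that every '%' left in the output is a genuine %XX sequence.
    body = re.sub(r"%(?![0-9A-Fa-f]{2})", "%25", body)
    return f"{scheme}:{quote(body, safe=_SAFE)}"


# Constructed sample URIs (not real exploit strings from the advisory).
SAMPLES = [
    "mailto:alice@example.com?subject=hi there",
    "news:comp.lang.python",
    'mailto:alice@example.com" ..\\..\\tools\\cmd.exe',
    "mailto:x%2Eexe",
    "http://example.com/",
]

if __name__ == "__main__":
    for s in SAMPLES:
        try:
            hardened = escape_for_external(s)
        except ValueError as e:
            hardened = f"REFUSED ({e})"
        print(f"{s!r}\n  by-extension: {handler_by_extension(s)}\n  hardened:     {hardened}")
```

The two checks are complementary: percent-encoding is what closes the argument-injection path that MFSA 2007-27 describes, while the tail check only narrows the residual extension-based dispatch the vendor note says remains possible, and the ".com" collision shows why that check cannot stand on its own.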

Vulnerable Products

mozilla firefox 2.0.0.5

mozilla seamonkey 1.1.3

mozilla thunderbird 2.0.0.5

Vendor Advisories

Debian Bug report logs - #444010 CVE-2007-3734 Multiple unspecified vulnerabilities. Package: icedove; Maintainer for icedove is Carsten Schoenert <cschoenert@t-online.de>; Source for icedove is src:thunderbird (PTS, buildd, popcon). Reported by: Nico Golde <nion@debian.org>. Date: Tue, 25 Sep 2007 12:39:01 UTC. Severi ...
Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious email, an attacker could execute arbitrary code with the user's privileges. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3844) ...
A flaw was discovered in handling of "about:blank" windows used by addons. A malicious web site could exploit this to modify the contents, or steal confidential data (such as passwords), of other web pages. (CVE-2007-3844) ...
Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-3844 moz_bug_r_a4 discovered that a regression in the handling of about:blank windows used by addons may lead to ...
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-3844 moz_bug_r_a4 discovered that a regression in the handling of about:blank windows used by addons may lead to an attacker being abl ...
Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-3844 moz_bug_r_a4 discovered that a regression in the handling of about:blank windows used by addons may lead to an attac ...
Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-3734 Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats Palmg ...
Mozilla Foundation Security Advisory 2007-27: Unescaped URIs passed to external programs. Announced: July 30, 2007. Reporter: Jesper Johansson. Impact: Critical. Products: Firefox, SeaMonkey, Thunderbird. Fixed in ...

Exploits

Source: www.securityfocus.com/bid/25053/info. Multiple browsers are prone to vulnerabilities that let attackers inject commands through various protocol handlers. Exploiting these issues allows remote attackers to pass and execute arbitrary commands and arguments through processes such as 'cmd.exe' by employing various URI handlers. An att ...

References

CWE: NVD-CWE-noinfo
http://bugzilla.mozilla.org/show_bug.cgi?id=389580
http://www.mozilla.org/security/announce/2007/mfsa2007-27.html
https://issues.rpath.com/browse/RPL-1600
http://www.debian.org/security/2007/dsa-1344
http://www.debian.org/security/2007/dsa-1345
http://www.debian.org/security/2007/dsa-1346
http://www.debian.org/security/2007/dsa-1391
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.010101
http://www.ubuntu.com/usn/usn-493-1
http://www.ubuntu.com/usn/usn-503-1
http://secunia.com/advisories/26234
http://secunia.com/advisories/26258
http://secunia.com/advisories/26309
http://secunia.com/advisories/26331
http://secunia.com/advisories/26335
http://secunia.com/advisories/26303
http://secunia.com/advisories/26393
http://secunia.com/advisories/26572
http://secunia.com/advisories/27326
http://secunia.com/advisories/27414
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
http://secunia.com/advisories/28135
https://bugzilla.mozilla.org/show_bug.cgi?id=389106
http://www.mandriva.com/security/advisories?name=MDVSA-2007:047
http://www.securityfocus.com/bid/25053
http://www.mandriva.com/security/advisories?name=MDVSA-2008:047
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
http://www.vupen.com/english/advisories/2007/4256
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://www.vupen.com/english/advisories/2008/0082
http://www.securityfocus.com/archive/1/475450/30/5550/threaded
http://www.securityfocus.com/archive/1/475265/100/200/threaded
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444010
https://nvd.nist.gov
https://usn.ubuntu.com/503-1/
https://www.exploit-db.com/exploits/30381/
https://www.kb.cert.org/vuls/id/783400