Mozilla Firefox prior to 2.0.0.8, Thunderbird prior to 2.0.0.8, and SeaMonkey prior to 1.1.5 allows remote malicious users to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla thunderbird |
||
mozilla firefox |
||
mozilla seamonkey |