
CVE-2007-4841

Published: 12/09/2007 Updated: 09/10/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Mozilla Firefox prior to 2.0.0.8, Thunderbird prior to 2.0.0.8, and SeaMonkey prior to 1.1.5 allow remote malicious users to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.

Vulnerable Product

mozilla thunderbird

mozilla firefox

mozilla seamonkey

Vendor Advisories

Debian Bug report logs - #447734 libxul0d: vulnerable to CVE-2007-5339 Package: libxul0d; Maintainer for libxul0d is (unknown); Reported by: Sam Morris <sam@robotsorguk> Date: Tue, 23 Oct 2007 13:18:01 UTC Severity: grave Tags: security Found in versions xulrunner/1816-1, xulrunner/18011-2 Fixed in versions xulrun ...
Mozilla Foundation Security Advisory 2007-36 URIs with invalid %-encoding mishandled by Windows Announced October 18, 2007 Reporter Billy Rios, Nate McFeters, Secunia Impact Moderate Products Firefox, SeaMonkey, Thunderbird ...