CVE-2007-3845

Advisory lineage Upstream: 0 Downstream: 8

Downstream

DSA-1344-1 DSA-1345-1 DSA-1346-1 DSA-1391-1 DTSA-51-1 DTSA-52-1

Modified

Published: 08 Aug 2007, 01:11

Last modified:07 Aug 2024, 14:28

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9.3 HIGH

v2.0 (nvd)

EPSS Score

44.11% HIGH

44% probability +0.87%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

08 Aug 2007, 01:11

Published

Vulnerability first disclosed

07 Aug 2024, 14:28

Last Modified

Vulnerability information updated

Description

Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."

CVSS Metrics

v2.0•HIGH•Score: 9.3AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 44.11%• Percentile: 98%

Affected Systems

mozilla•firefox
2.0.0.5
mozilla•seamonkey
1.1.3
mozilla•thunderbird
2.0.0.5