CVE-2007-3845
PUBLISHED
CVSS 9.3 CRITICAL
Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."
EPSS 44.11% · 97.6th percentile
Risk Scores
CVSS v2.0: 9.3
EPSS Score: 44.11% (97.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| mozilla | thunderbird | 2.0.0.5 |
| mozilla | firefox | 2.0.0.5 |
| mozilla | seamonkey | 1.1.3 |
Timeline
- Aug 8, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 24, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
- Sep 6, 2023 EPSS Score
References
- http://www.mozilla.org/security/announce/2007/mfsa2007-27.html url
- https://issues.rpath.com/browse/RPL-1600 url
- USN-503-1 vendor-advisory
- MDVSA-2008:047 vendor-advisory
- 27414 third-party-advisory
- HPSBUX02156 vendor-advisory
- 26393 third-party-advisory
- 26303 third-party-advisory
- ADV-2007-4256 vdb
- 25053 vdb
- 26309 third-party-advisory
- HPSBUX02153 vendor-advisory
- MDKSA-2007:152 vendor-advisory
- DSA-1345 vendor-advisory
- DSA-1391 vendor-advisory
- http://bugzilla.mozilla.org/show_bug.cgi?id=389580 url
- DSA-1346 vendor-advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=389106 url
- MDVSA-2007:047 vendor-advisory
- 28135 third-party-advisory