VDB
CVE-2007-4041
CVE-2007-4041
PUBLISHED
CVSS 6.800000190734863 MEDIUM
Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.
EPSS 10.87% · 93.3th percentile
Risk Scores
CVSS v2.0
6.800000190734863
EPSS Score
10.87%
93.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| microsoft | internet_explorer | 7 |
| mozilla | firefox | 2.0.0.5, 3.0 |
Timeline
- Jul 27, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 28, 2022 EPSS Score
- May 19, 2022 EPSS Score
- Sep 1, 2022 EPSS Score
- Oct 23, 2022 EPSS Score
- Dec 14, 2022 EPSS Score
- Feb 4, 2023 EPSS Score
- Mar 28, 2023 EPSS Score
- Apr 17, 2023 EPSS Score
- May 19, 2023 EPSS Score
- Jul 10, 2023 EPSS Score
References
- http://xs-sniper.com/blog/2007/07/24/remote-command-execution-in-firefox-2005/ url
- 25053 vdb
- http://xs-sniper.com/blog/remote-command-exec-firefox-2005/ url
- https://bugzilla.mozilla.org/show_bug.cgi?id=389106 url
- https://bugzilla.mozilla.org/show_bug.cgi?id=389580 url
- VU#783400 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2007-4041 advisory
- http://xs-sniper.com/blog/2007/07/24/remote-command-execution-in-firefox-2005 url
- http://xs-sniper.com/blog/remote-command-exec-firefox-2005 url