Computer Security

CVE-2007-3845
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



CVECVE-2007-3845
StatusCandidate
DescriptionMozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041.  NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."
PhaseAssigned (18.07.2007)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3845
ReferencesBUGTRAQ : 20070801 FLEA-2007-0039-1 firefox
 CONFIRM : http://bugzilla.mozilla.org/show_bug.cgi?id=389580
 CONFIRM : http://www.mozilla.org/security/announce/2007/mfsa...
 CONFIRM : https://issues.rpath.com/browse/RPL-1600
 DEBIAN : DSA-1344
 DEBIAN : DSA-1345
 DEBIAN : DSA-1346
 MANDRIVA : MDKSA-2007:152
 SECUNIA : 26234
 SECUNIA : 26258
 SECUNIA : 26303
 SECUNIA : 26309
 SECUNIA : 26331
 SECUNIA : 26335
 SECUNIA : 26393
 SECUNIA : 26572
 SLACKWARE : SSA:2007-213-01
 UBUNTU : USN-493-1
 UBUNTU : USN-503-1
SecurityVulns:Mozilla Firefox / Thunderbird URL processing code execution
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server