CVE-2007-3845
published 2007-08-08

Priority: P344, critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 5.70% (92.0th percentile)

Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."

Affected

7 ranges
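| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| microsoft | internet_explorer | | |
| mozilla | firefox | <= 2.0.0.8 | |
| mozilla | firefox | | |
| mozilla | seamonkey | <= 1.1.5 | |
| mozilla | seamonkey | | |
| mozilla | thunderbird | <= 2.0.0.8 | |
| mozilla | thunderbird | | |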

CVSS provenance

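| Source | Version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vulncheck | | 9.3 | CRITICAL | |
| vendor_redhat | | 9.3 | CRITICAL | |
| vendor_ubuntu | | 4.3 | MEDIUM | |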