CVE-2007-3845
published 2007-08-08CVE-2007-3845: Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary…
PriorityP344critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
5.70%
92.0th percentile
Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| mozilla | firefox | <= 2.0.0.8 | — |
| mozilla | firefox | — | — |
| mozilla | seamonkey | <= 1.1.5 | — |
| mozilla | seamonkey | — | — |
| mozilla | thunderbird | <= 2.0.0.8 | — |
| mozilla | thunderbird | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck9.3CRITICAL
vendor_redhat9.3CRITICAL
vendor_ubuntu4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
Mozilla: Unescaped URIs passed to external programs
vendor_redhat·2008-07-30·CVSS 9.3
CVE-2007-3845 [CRITICAL] CWE-150 Mozilla: Unescaped URIs passed to external programs
Mozilla: Unescaped URIs passed to external programs
Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."
The Mozilla Foundation Security Advisory describes this flaw as:
Jesper Johansson pointed out that Mozilla did not percent-encode spaces and double-quotes in URIs handed off to external programs for handling, which can cause the receiving program to mistakenly interpret a single URI as
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2007-08-25·CVSS 4.3
CVE-2007-3845 [MEDIUM] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Thunderbird vulnerabilities
Various flaws were discovered in the layout and JavaScript engines. By
tricking a user into opening a malicious email, an attacker could execute
arbitrary code with the user's privileges. Please note that JavaScript
is disabled by default for emails, and it is not recommended to enable it.
(CVE-2007-3734, CVE-2007-3735, CVE-2007-3844)
Jesper Johansson discovered that spaces and double-quotes were
not correctly handled when launching external programs. In rare
configurations, after tricking a user into opening a malicious email,
an attacker could execute helpers with arbitrary arguments with the
user's privileges. (CVE-2007-3670, CVE-2007-3845)
Instructions: After a standard system upgrade you need to restart Thunde
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2007-08-01·CVSS 4.3
CVE-2007-3844 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox vulnerabilities
A flaw was discovered in handling of "about:blank" windows used by
addons. A malicious web site could exploit this to modify the contents,
or steal confidential data (such as passwords), of other web pages.
(CVE-2007-3844)
Jesper Johansson discovered that spaces and double-quotes were
not correctly handled when launching external programs. In rare
configurations, after tricking a user into opening a malicious web page,
an attacker could execute helpers with arbitrary arguments with the
user's privileges. (CVE-2007-3845)
Instructions: After a standard system upgrade you need to restart Firefox to effect
the necessary changes.
Red Hat
CVE-2007-4841: Mozilla Firefox before 2
vendor_redhat·CVSS 9.3
CVE-2007-4841 [CRITICAL] CVE-2007-4841: Mozilla Firefox before 2
Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.
Statement: Not vulnerable. This flaw does not affect the Linux version of Firefox.
GHSA
GHSA-fq6c-fr6q-6pmq: Mozilla Firefox before 2
ghsa_unreviewed·2022-05-01·CVSS 6.8
CVE-2007-3845 [MEDIUM] GHSA-fq6c-fr6q-6pmq: Mozilla Firefox before 2
Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."
GHSA
GHSA-h749-rwwx-gp8x: Mozilla Firefox before 2
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2007-4841 [CRITICAL] CWE-20 GHSA-h749-rwwx-gp8x: Mozilla Firefox before 2
Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.
GHSA
GHSA-wmhg-7fm8-r4vp: The URL handling in Shell32
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2007-3896 [CRITICAL] CWE-20 GHSA-wmhg-7fm8-r4vp: The URL handling in Shell32
The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
VulnCheck
Microsoft Windows Improper Input Validation
vulncheck·2007·CVSS 9.3
CVE-2007-3896 [CRITICAL] Microsoft Windows Improper Input Validation
Microsoft Windows Improper Input Validation
The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
Affected: Microsoft Windows
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploi
No detection rules found.
No writeups or analysis indexed.
http://bugzilla.mozilla.org/show_bug.cgi?id=389580http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579http://secunia.com/advisories/26234http://secunia.com/advisories/26258http://secunia.com/advisories/26303http://secunia.com/advisories/26309http://secunia.com/advisories/26331http://secunia.com/advisories/26335http://secunia.com/advisories/26393http://secunia.com/advisories/26572http://secunia.com/advisories/27326http://secunia.com/advisories/27414http://secunia.com/advisories/28135http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.010101http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1http://www.debian.org/security/2007/dsa-1344http://www.debian.org/security/2007/dsa-1345http://www.debian.org/security/2007/dsa-1346http://www.debian.org/security/2007/dsa-1391http://www.mandriva.com/security/advisories?name=MDKSA-2007:152http://www.mandriva.com/security/advisories?name=MDVSA-2007:047http://www.mandriva.com/security/advisories?name=MDVSA-2008:047http://www.mozilla.org/security/announce/2007/mfsa2007-27.htmlhttp://www.securityfocus.com/archive/1/475265/100/200/threadedhttp://www.securityfocus.com/archive/1/475450/30/5550/threadedhttp://www.securityfocus.com/bid/25053http://www.ubuntu.com/usn/usn-493-1http://www.ubuntu.com/usn/usn-503-1http://www.vupen.com/english/advisories/2007/4256http://www.vupen.com/english/advisories/2008/0082https://bugzilla.mozilla.org/show_bug.cgi?id=389106https://issues.rpath.com/browse/RPL-1600http://bugzilla.mozilla.org/show_bug.cgi?id=389580http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579http://secunia.com/advisories/26234http://secunia.com/advisories/26258http://secunia.com/advisories/26303http://secunia.com/advisories/26309http://secunia.com/advisories/26331http://secunia.com/advisories/26335http://secunia.com/advisories/26393http://secunia.com/advisories/26572http://secunia.com/advisories/27326http://secunia.com/advisories/27414http://secunia.com/advisories/28135http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.010101http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1http://www.debian.org/security/2007/dsa-1344http://www.debian.org/security/2007/dsa-1345http://www.debian.org/security/2007/dsa-1346http://www.debian.org/security/2007/dsa-1391http://www.mandriva.com/security/advisories?name=MDKSA-2007:152http://www.mandriva.com/security/advisories?name=MDVSA-2007:047http://www.mandriva.com/security/advisories?name=MDVSA-2008:047http://www.mozilla.org/security/announce/2007/mfsa2007-27.htmlhttp://www.securityfocus.com/archive/1/475265/100/200/threadedhttp://www.securityfocus.com/archive/1/475450/30/5550/threadedhttp://www.securityfocus.com/bid/25053http://www.ubuntu.com/usn/usn-493-1http://www.ubuntu.com/usn/usn-503-1http://www.vupen.com/english/advisories/2007/4256http://www.vupen.com/english/advisories/2008/0082https://bugzilla.mozilla.org/show_bug.cgi?id=389106https://issues.rpath.com/browse/RPL-1600
2007-08-08
Published