Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-3845Improper Neutralization of Escape, Meta, or Control Sequences in Mozilla Firefox

CWE-150Improper Neutralization of Escape, Meta, or Control SequencesCWE-20Improper Input Validation12 documents6 sources
Severity
9.3CRITICALNVD
EPSS
44.1%
top 2.45%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird+1 more
Timeline
PublishedAug 8
Latest updateMay 1

Description

Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

NVDmozilla/firefox2.0.0.8+1
NVDmozilla/seamonkey1.1.5+1
NVDmozilla/thunderbird2.0.0.8+1

🔴Vulnerability Details

4
GHSA
GHSA-fq6c-fr6q-6pmq: Mozilla Firefox before 22022-05-01
GHSA
GHSA-h749-rwwx-gp8x: Mozilla Firefox before 22022-05-01
GHSA
GHSA-wmhg-7fm8-r4vp: The URL handling in Shell322022-05-01
VulnCheck
Microsoft Windows Improper Input Validation2007

💥Exploits & PoCs

1
Exploit-DB
Multiple Browsers - URI Handlers Command Injection2007-07-25

📋Vendor Advisories

4
Red Hat
Mozilla: Unescaped URIs passed to external programs2008-07-30
Ubuntu
Thunderbird vulnerabilities2007-08-25
Ubuntu
Firefox vulnerabilities2007-08-01
Red Hat
CVE-2007-4841: Mozilla Firefox before 2