cbcvebase.
CVE-2007-4041
published 2007-07-27

CVE-2007-4041: Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00)…

PriorityP342medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
19.66%
97.1th percentile
Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.

Affected

5 ranges
VendorProductVersion rangeFixed in
microsoftinternet_explorer
mozillafirefox
mozillafirefox
mozillaseamonkey
mozillathunderbird

CVSS provenance

nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat9.3CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.