CVE-2007-4841: Improper Input Validation in Mozilla Firefox

Severity: 9.3 CRITICAL (NVD)
EPSS: 8.9% (top 7.40%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 12; Latest update May 1

Description

Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (3 packages)

NVD: mozilla/firefox 2.0.0.8
NVD: mozilla/thunderbird 2.0.0.8

🔴 Vulnerability Details (1)

GHSA: GHSA-h749-rwwx-gp8x: Mozilla Firefox before 2 (2022-05-01)

📋 Vendor Advisories (1)

Red Hat: CVE-2007-4841: Mozilla Firefox before 2