CVE-2007-4841 in Firefoxinfo

Summary

Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

09/12/2007

Disclosure

09/12/2007

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
3406Mozilla Firefox onUnload input validation20Proof-of-ConceptOfficial fixCVE-2007-4841

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!