CVE-2007-3670 in Chromeinformazioni

Riassunto

di MITRE

Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE s opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

10/07/2007

Divulgazione

10/07/2007

Moderazione

accettato

Voce

2

Collegare

mostrare

CPE

pronto

Sfruttamento

Scaricare

EPSS

0.28647

KEV

no

Attività

molto basso

Settore

Chemical, Insurance, ...

Fonti

MITREhttps://www.cve.org/CVERecord?id=CVE-2007-3670
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2007-3670
CVE Detailshttps://www.cvedetails.com/cve/CVE-2007-3670/

PrecedenteVisione D'ensembleIl prossimo

Do you want to use VulDB in your project?

Use the official API to access entries easily!