CVE Reference: CVE-2007-4841

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2007-4841

Description:
Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.

CVE Status:
Candidate

References:

SLACKWARE
  http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.471007

SAID
  Secunia Advisory: SA27311
  Secunia Advisory: SA27315
  Secunia Advisory: SA27414
  Secunia Advisory: SA27360
  Secunia Advisory: SA28363
  Secunia Advisory: SA28398
  Secunia Advisory: SA27744

MISC
  http://xs-sniper.com/blog/2007/09/01/firefox-file-handling-woes/

MANDRIVA
  http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202

HP
  http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
  http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

CONFIRM
  http://www.mozilla.org/security/announce/2007/mfsa2007-36.html

BID
  25543


Return to the previous page.