CVE-2007-3845

N/A Unknown

Published: August 08, 2007 Modified: April 23, 2026

Description

Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://bugzilla.mozilla.org/show_bug.cgi?id=389580

Source: secalert@redhat.com

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Source: secalert@redhat.com

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579

Source: secalert@redhat.com

http://secunia.com/advisories/26234

Source: secalert@redhat.com

http://secunia.com/advisories/26258

Source: secalert@redhat.com

http://secunia.com/advisories/26303

Source: secalert@redhat.com

http://secunia.com/advisories/26309

Source: secalert@redhat.com

http://secunia.com/advisories/26331

Source: secalert@redhat.com

http://secunia.com/advisories/26335

Source: secalert@redhat.com

http://secunia.com/advisories/26393

Source: secalert@redhat.com

http://secunia.com/advisories/26572

Source: secalert@redhat.com

http://secunia.com/advisories/27326

Source: secalert@redhat.com

http://secunia.com/advisories/27414

Source: secalert@redhat.com

http://secunia.com/advisories/28135

Source: secalert@redhat.com

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.010101

Source: secalert@redhat.com

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1

Source: secalert@redhat.com

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

Source: secalert@redhat.com

http://www.debian.org/security/2007/dsa-1344

Source: secalert@redhat.com

http://www.debian.org/security/2007/dsa-1345

Source: secalert@redhat.com

http://www.debian.org/security/2007/dsa-1346

Source: secalert@redhat.com

http://www.debian.org/security/2007/dsa-1391

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDKSA-2007:152

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2007:047

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2008:047

Source: secalert@redhat.com

http://www.mozilla.org/security/announce/2007/mfsa2007-27.html

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/475265/100/200/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/475450/30/5550/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/25053

Source: secalert@redhat.com

http://www.ubuntu.com/usn/usn-493-1

Source: secalert@redhat.com

http://www.ubuntu.com/usn/usn-503-1

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2007/4256

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2008/0082

Source: secalert@redhat.com

https://bugzilla.mozilla.org/show_bug.cgi?id=389106

Source: secalert@redhat.com

https://issues.rpath.com/browse/RPL-1600

Source: secalert@redhat.com

http://bugzilla.mozilla.org/show_bug.cgi?id=389580