Home > Vulnerability Database > CVE-2007-3845

Mend.io Vulnerability Database

CVE-2007-3845

Date: August 7, 2007

Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."

Severity Score

8.8

Related Resources (37)

Url: http://www.mozilla.org/security/announce/2007/mfsa2007-27.html

Url: http://secunia.com/advisories/26393

Url: http://www.vupen.com/english/advisories/2007/4256

Url: http://www.debian.org/security/2007/dsa-1346

Url: http://www.debian.org/security/2007/dsa-1345

Url: https://issues.rpath.com/browse/RPL-1600

Url: http://www.ubuntu.com/usn/usn-503-1

Url: http://www.debian.org/security/2007/dsa-1344

Url: http://www.securityfocus.com/archive/1/475450/30/5550/threaded

Url: http://bugzilla.mozilla.org/show_bug.cgi?id=389580

Url: http://www.vupen.com/english/advisories/2008/0082

Url: http://secunia.com/advisories/26309

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:152

Url: http://secunia.com/advisories/27414

Url: http://secunia.com/advisories/26303

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

Url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2007:047

Url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=389106

Url: http://www.ubuntu.com/usn/usn-493-1

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-3845

Url: http://www.securityfocus.com/archive/1/475265/100/200/threaded

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2007-3845

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:047

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.010101

Url: http://www.debian.org/security/2007/dsa-1391

Url: http://secunia.com/advisories/26234

Url: http://www.securityfocus.com/bid/25053

Url: http://secunia.com/advisories/26331

Url: http://secunia.com/advisories/26572

Url: http://secunia.com/advisories/28135

Url: http://secunia.com/advisories/27326

Url: http://secunia.com/advisories/26258

Url: http://secunia.com/advisories/26335

Url: https://www.mend.io/vulnerability-database/CVE-2007-3845

Severity Score

8.8

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2007-3845

Date: August 7, 2007

Severity Score

Related Resources (37)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?