CVE-2007-3845

Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching a file handling program based on the file extension at the end of the URI, a variant of CVE-2007-4041. NOTE: the vendor states that it is still possible to launch a filetype handler based on extension rather than the registered protocol handler.

Affected Software

References

• http://bugzilla.mozilla.org/show_bug.cgi?id=389580
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
• http://secunia.com/advisories/26234
• http://secunia.com/advisories/26258
• http://secunia.com/advisories/26303
• http://secunia.com/advisories/26309
• http://secunia.com/advisories/26331
• http://secunia.com/advisories/26335
• http://secunia.com/advisories/26393
• http://secunia.com/advisories/26572
• http://secunia.com/advisories/27326
• http://secunia.com/advisories/27414
• http://secunia.com/advisories/28135
• http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.010101
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
• http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
• http://www.debian.org/security/2007/dsa-1344
• http://www.debian.org/security/2007/dsa-1345
• http://www.debian.org/security/2007/dsa-1346
• http://www.debian.org/security/2007/dsa-1391
• http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
• http://www.mandriva.com/security/advisories?name=MDVSA-2007:047
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:047
• http://www.mozilla.org/security/announce/2007/mfsa2007-27.html
• http://www.securityfocus.com/archive/1/475265/100/200/threaded
• http://www.securityfocus.com/archive/1/475450/30/5550/threaded
• http://www.securityfocus.com/bid/25053
• http://www.ubuntu.com/usn/usn-493-1
• http://www.ubuntu.com/usn/usn-503-1
• http://www.vupen.com/english/advisories/2007/4256
• http://www.vupen.com/english/advisories/2008/0082
• https://bugzilla.mozilla.org/show_bug.cgi?id=389106
• https://issues.rpath.com/browse/RPL-1600
• http://bugzilla.mozilla.org/show_bug.cgi?id=389580
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
• http://secunia.com/advisories/26234
• http://secunia.com/advisories/26258
• http://secunia.com/advisories/26303
• http://secunia.com/advisories/26309
• http://secunia.com/advisories/26331
• http://secunia.com/advisories/26335
• http://secunia.com/advisories/26393
• http://secunia.com/advisories/26572
• http://secunia.com/advisories/27326
• http://secunia.com/advisories/27414
• http://secunia.com/advisories/28135
• http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.010101
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
• http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
• http://www.debian.org/security/2007/dsa-1344
• http://www.debian.org/security/2007/dsa-1345
• http://www.debian.org/security/2007/dsa-1346
• http://www.debian.org/security/2007/dsa-1391
• http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
• http://www.mandriva.com/security/advisories?name=MDVSA-2007:047
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:047
• http://www.mozilla.org/security/announce/2007/mfsa2007-27.html
• http://www.securityfocus.com/archive/1/475265/100/200/threaded
• http://www.securityfocus.com/archive/1/475450/30/5550/threaded
• http://www.securityfocus.com/bid/25053
• http://www.ubuntu.com/usn/usn-493-1
• http://www.ubuntu.com/usn/usn-503-1
• http://www.vupen.com/english/advisories/2007/4256
• http://www.vupen.com/english/advisories/2008/0082
• https://bugzilla.mozilla.org/show_bug.cgi?id=389106
• https://issues.rpath.com/browse/RPL-1600