CVE-2007-3845
CVE-2007-3845
Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."
Produtos afetados
n/a · n/aPoCs públicas encontradas — 1
exploitdbwww.exploit-db.com/exploits/30381não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://bugzilla.mozilla.org/show_bug.cgi?id=389580http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579https://bugzilla.mozilla.org/show_bug.cgi?id=389106http://secunia.com/advisories/26234http://secunia.com/advisories/26258http://secunia.com/advisories/26303http://secunia.com/advisories/26309http://secunia.com/advisories/26331http://secunia.com/advisories/26335http://secunia.com/advisories/26393http://secunia.com/advisories/26572