Vulnerability Name:

CVE-2007-3845 (CCN-38327)

Assigned: 2007-07-20
Published: 2007-07-20
Updated: 2018-10-15
Summary: Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041.
Note: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."
CVSS v3 Severity: 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Gain Access
References:
Source: CONFIRM
Type: UNKNOWN
http://bugzilla.mozilla.org/show_bug.cgi?id=389580

Source: MITRE
Type: CNA
CVE-2007-3845

Source: HP
Type: UNKNOWN
HPSBUX02153

Source: HP
Type: UNKNOWN
HPSBUX02156

Source: CCN
Type: Jesper's Blog, 20 July 2007 10:25 PM
Hey, Mozilla: Quotes Are Not Legal in a URL

Source: SECUNIA
Type: UNKNOWN
26234

Source: SECUNIA
Type: UNKNOWN
26258

Source: SECUNIA
Type: UNKNOWN
26303

Source: SECUNIA
Type: UNKNOWN
26309

Source: SECUNIA
Type: UNKNOWN
26331

Source: SECUNIA
Type: UNKNOWN
26335

Source: SECUNIA
Type: UNKNOWN
26393

Source: SECUNIA
Type: UNKNOWN
26572

Source: SECUNIA
Type: UNKNOWN
27326

Source: SECUNIA
Type: UNKNOWN
27414

Source: CCN
Type: SA28135
Sun Solaris Firefox / Thunderbird Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
28135

Source: SLACKWARE
Type: UNKNOWN
SSA:2007-213-01

Source: CCN
Type: Sun Alert ID: 103177
Multiple Security Vulnerabilities in Firefox and Thunderbird for Solaris 10 May Allow Execution of Arbitrary Code and Access to Unauthorized Data

Source: SUNALERT
Type: UNKNOWN
103177

Source: SUNALERT
Type: UNKNOWN
201516

Source: CCN
Type: ASA-2008-008
Multiple Security Vulnerabilities in Firefox and Thunderbird for Solaris 10 May Allow Execution of Arbitrary Code and Access to Unauthorized Data (Sun 103177)

Source: DEBIAN
Type: UNKNOWN
DSA-1344

Source: DEBIAN
Type: UNKNOWN
DSA-1345

Source: DEBIAN
Type: UNKNOWN
DSA-1346

Source: DEBIAN
Type: UNKNOWN
DSA-1391

Source: DEBIAN
Type: DSA-1344
iceweasel -- several vulnerabilities

Source: DEBIAN
Type: DSA-1345
xulrunner -- several vulnerabilities

Source: DEBIAN
Type: DSA-1346
iceape -- several vulnerabilities

Source: DEBIAN
Type: DSA-1391
icedove -- several vulnerabilities

Source: CCN
Type: US-CERT VU#783400
Mozilla Firefox URI filtering vulnerability

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:152

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2007:047

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:047

Source: CCN
Type: MFSA 2007-27
Unescaped URIs passed to external programs

Source: CONFIRM
Type: UNKNOWN
http://www.mozilla.org/security/announce/2007/mfsa2007-27.html

Source: CCN
Type: OSVDB ID: 38030
Mozilla Firefox Unexpected % Encoding URI File Handling Arbitrary Command Execution

Source: BUGTRAQ
Type: UNKNOWN
20070801 FLEA-2007-0039-1 firefox

Source: BUGTRAQ
Type: UNKNOWN
20070803 FLEA-2007-0040-1 thunderbird

Source: BID
Type: UNKNOWN
25053

Source: CCN
Type: BID-25053
Multiple Browser URI Handlers Command Injection Vulnerabilities

Source: CCN
Type: USN-493-1
Firefox vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-493-1

Source: CCN
Type: USN-503-1
Thunderbird vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-503-1

Source: VUPEN
Type: UNKNOWN
ADV-2007-4256

Source: VUPEN
Type: UNKNOWN
ADV-2008-0082

Source: CCN
Type: Bugzilla@Mozilla - Bug 389106
(CVE-2007-3845) - Escape URIs (especially quotes) when passing them to external protocol handlers

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.mozilla.org/show_bug.cgi?id=389106

Source: XF
Type: UNKNOWN
mozilla-uri-ext-command-execution(38327)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-1600

Source: SUSE
Type: SUSE-SA:2007:057
Mozilla Security Update

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:microsoft:windows_xp:*:*:*:*:*:*:*:*
  • AND
  • cpe:/a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:mozilla:firefox:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20073845 | V | CVE-2007-3845 | 2015-11-16
oval:org.mitre.oval:def:17637 | P | USN-503-1 -- mozilla-thunderbird vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:18825 | P | DSA-1344-1 iceweasel | 2014-06-23
oval:org.mitre.oval:def:20237 | P | DSA-1345-1 xulrunner | 2014-06-23
oval:org.mitre.oval:def:17867 | P | DSA-1391-1 icedove - several vulnerabilities | 2014-06-23
oval:org.mitre.oval:def:18682 | P | DSA-1346-1 iceape | 2014-06-23
oval:org.debian:def:1391 | V | several vulnerabilities | 2007-10-19
oval:org.debian:def:1345 | V | several vulnerabilities | 2007-08-04
oval:org.debian:def:1346 | V | several vulnerabilities | 2007-08-04
oval:org.debian:def:1344 | V | several vulnerabilities | 2007-08-03