CVE-2007-4041
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
27/07/2007
Last modified:
09/04/2025
Description
Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:microsoft:windows_2003_server:*:sp2:datacenter_edition:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2003_server:*:sp2:enterprise_edition:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2003_server:*:sp2:standard_edition:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2003_server:*:sp2:web_edition:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_xp:*:sp2:home_edition:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_edition:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.kb.cert.org/vuls/id/783400
- http://www.securityfocus.com/bid/25053
- http://xs-sniper.com/blog/2007/07/24/remote-command-execution-in-firefox-2005/
- http://xs-sniper.com/blog/remote-command-exec-firefox-2005/
- https://bugzilla.mozilla.org/show_bug.cgi?id=389106
- https://bugzilla.mozilla.org/show_bug.cgi?id=389580
- http://www.kb.cert.org/vuls/id/783400
- http://www.securityfocus.com/bid/25053
- http://xs-sniper.com/blog/2007/07/24/remote-command-execution-in-firefox-2005/
- http://xs-sniper.com/blog/remote-command-exec-firefox-2005/
- https://bugzilla.mozilla.org/show_bug.cgi?id=389106
- https://bugzilla.mozilla.org/show_bug.cgi?id=389580