Vulnerability in Mozilla products (CVE-2007-3845)
CVSS v2.0 severity:
HIGH
Type:
Not available / Other type
Publication date:
08/08/2007
Last modified:
09/04/2025
Description
Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary code via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI", a variant of CVE-2007-4041. The vendor states that "it is still possible to launch a file type handler based on the extension rather than the registered protocol handler".
Impact
Base score 2.0
9.30
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | To |
---|---|---|
cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:* | | |
cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:* | | |
cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:* | | |
cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:* | | |
For the complete list of CPE names with products and versions, see this page
References to solutions, tools and information
- http://bugzilla.mozilla.org/show_bug.cgi?id=389580
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
- http://secunia.com/advisories/26234
- http://secunia.com/advisories/26258
- http://secunia.com/advisories/26303
- http://secunia.com/advisories/26309
- http://secunia.com/advisories/26331
- http://secunia.com/advisories/26335
- http://secunia.com/advisories/26393
- http://secunia.com/advisories/26572
- http://secunia.com/advisories/27326
- http://secunia.com/advisories/27414
- http://secunia.com/advisories/28135
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.010101
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
- http://www.debian.org/security/2007/dsa-1344
- http://www.debian.org/security/2007/dsa-1345
- http://www.debian.org/security/2007/dsa-1346
- http://www.debian.org/security/2007/dsa-1391
- http://www.mandriva.com/security/advisories?name=MDKSA-2007%3A152
- http://www.mandriva.com/security/advisories?name=MDVSA-2007%3A047
- http://www.mandriva.com/security/advisories?name=MDVSA-2008%3A047
- http://www.mozilla.org/security/announce/2007/mfsa2007-27.html
- http://www.securityfocus.com/archive/1/475265/100/200/threaded
- http://www.securityfocus.com/archive/1/475450/30/5550/threaded
- http://www.securityfocus.com/bid/25053
- http://www.ubuntu.com/usn/usn-493-1
- http://www.ubuntu.com/usn/usn-503-1
- http://www.vupen.com/english/advisories/2007/4256
- http://www.vupen.com/english/advisories/2008/0082
- https://bugzilla.mozilla.org/show_bug.cgi?id=389106
- https://issues.rpath.com/browse/RPL-1600