Vulnerabilities > CVE-2007-3845 - Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 | |
| Application | 3 |
Exploit-Db
| description | Multiple Browser URI Handlers Command Injection Vulnerabilities. CVE-2007-3845. Remote exploit for windows platform |
| id | EDB-ID:30381 |
| last seen | 2016-02-03 |
| modified | 2007-07-25 |
| published | 2007-07-25 |
| reporter | Billy Rios |
| source | https://www.exploit-db.com/download/30381/ |
| title | Multiple Browser URI Handlers Command Injection Vulnerabilities |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1345.NASL description Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3844 last seen 2020-06-01 modified 2020-06-02 plugin id 25853 published 2007-08-13 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25853 title Debian DSA-1345-1 : xulrunner - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1345. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(25853); script_version("1.18"); script_cvs_date("Date: 2019/08/02 13:32:20"); script_cve_id("CVE-2007-3844", "CVE-2007-3845"); script_xref(name:"DSA", value:"1345"); script_name(english:"Debian DSA-1345-1 : xulrunner - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3844 'moz_bug_r_a4' discovered that a regression in the handling of'about:blank' windows used by addons may lead to an attacker being able to modify the content of websites. - CVE-2007-3845 Jesper Johansson discovered that missing sanitising of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page. The oldstable distribution (sarge) doesn't include xulrunner." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-3844" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-3845" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2007/dsa-1345" ); script_set_attribute( attribute:"solution", value: "Upgrade the xulrunner packages. For the stable distribution (etch) these problems have been fixed in version 1.8.0.13~pre070720-0etch3." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xulrunner"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"patch_publication_date", value:"2007/08/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/08/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"4.0", prefix:"libmozillainterfaces-java", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libmozjs-dev", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libmozjs0d", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libmozjs0d-dbg", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libnspr4-0d", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libnspr4-0d-dbg", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libnspr4-dev", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libnss3-0d", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libnss3-0d-dbg", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libnss3-dev", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libnss3-tools", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libsmjs-dev", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libsmjs1", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libxul-common", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libxul-dev", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libxul0d", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libxul0d-dbg", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"python-xpcom", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"spidermonkey-bin", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"xulrunner", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"xulrunner-gnome-support", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Windows NASL id SEAMONKEY_114.NASL description The installed version of SeaMonkey allows unescaped URIs to be passed to external programs, which could lead to execution of arbitrary code on the affected host subject to the user last seen 2020-06-01 modified 2020-06-02 plugin id 25842 published 2007-08-04 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25842 title SeaMonkey < 1.1.4 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_SEAMONKEY-4596.NASL description This update fixes several security issues in Mozilla SeaMonkey 1.0.9. Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create last seen 2020-06-01 modified 2020-06-02 plugin id 27581 published 2007-10-26 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27581 title openSUSE 10 Security Update : seamonkey (seamonkey-4596) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-152.NASL description A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.6. This update provides the latest Firefox to correct these issues. As well, it provides Firefox 2.0.0.6 for older products. last seen 2020-06-01 modified 2020-06-02 plugin id 25836 published 2007-08-02 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25836 title Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2007:152) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2008-047.NASL description A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.9. This update provides the latest Thunderbird to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37880 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37880 title Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2008:047) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2007-213-01.NASL description New mozilla-firefox packages are available for Slackware 11.0 and 12.0 to fix security issues. Note that Firefox 1.5.x has reached its EOL (end of life) and is no longer being updated by mozilla.com. Users of Firefox 1.5.x are encouraged to upgrade to Firefox 2.x. Since we use the official Firefox binaries, these packages should work equally well on earlier Slackware systems. last seen 2020-06-01 modified 2020-06-02 plugin id 25831 published 2007-08-02 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25831 title Slackware 11.0 / 12.0 : firefox (SSA:2007-213-01) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-4572.NASL description This update brings Mozilla Firefox to security update version 2.0.0.8 Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create last seen 2020-06-01 modified 2020-06-02 plugin id 27528 published 2007-10-24 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27528 title openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-4572) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-503-1.NASL description Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious email, an attacker could execute arbitrary code with the user last seen 2020-06-01 modified 2020-06-02 plugin id 28107 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28107 title Ubuntu 6.06 LTS / 6.10 / 7.04 : mozilla-thunderbird vulnerabilities (USN-503-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1344.NASL description Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3844 last seen 2020-06-01 modified 2020-06-02 plugin id 25852 published 2007-08-13 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25852 title Debian DSA-1344-1 : iceweasel - several vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_SEAMONKEY-4594.NASL description This update fixes several security issues in Mozilla SeaMonkey 1.1.5. Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create last seen 2020-06-01 modified 2020-06-02 plugin id 27573 published 2007-10-25 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27573 title openSUSE 10 Security Update : seamonkey (seamonkey-4594) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1391.NASL description Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3734 Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul Nickerson and Vladimir Sukhoy discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2007-3735 Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. - CVE-2007-3844 last seen 2020-06-01 modified 2020-06-02 plugin id 27546 published 2007-10-25 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27546 title Debian DSA-1391-1 : icedove - several vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1346.NASL description Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the SeaMonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3844 last seen 2020-06-01 modified 2020-06-02 plugin id 25854 published 2007-08-13 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25854 title Debian DSA-1346-1 : iceape - several vulnerabilities NASL family Windows NASL id MOZILLA_THUNDERBIRD_2006.NASL description The installed version of Mozilla Thunderbird allows unescaped URIs to be passed to external programs, which could lead to execution of arbitrary code, as well as privilege escalation attacks against addons that create last seen 2020-06-01 modified 2020-06-02 plugin id 25837 published 2007-08-02 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25837 title Mozilla Thunderbird < 1.5.0.13 / 2.0.0.6 Multiple Vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-493-1.NASL description A flaw was discovered in handling of last seen 2020-06-01 modified 2020-06-02 plugin id 28095 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28095 title Ubuntu 6.06 LTS / 6.10 / 7.04 : firefox vulnerabilities (USN-493-1) NASL family Windows NASL id MOZILLA_FIREFOX_2006.NASL description The installed version of Firefox allows unescaped URIs to be passed to external programs, which could lead to execution of arbitrary code on the affected host subject to the user last seen 2020-06-01 modified 2020-06-02 plugin id 25820 published 2007-07-31 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25820 title Firefox < 2.0.0.6 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-4570.NASL description This update brings Mozilla Firefox to security update version 2.0.0.8 Following security problems were fixed : - Privilege escalation through chrome-loaded about:blank windows. (MFSA 2007-26 / CVE-2007-3844) Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create last seen 2020-06-01 modified 2020-06-02 plugin id 29362 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29362 title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 4570) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-4574.NASL description This update brings Mozilla Firefox to security update version 2.0.0.8 Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create last seen 2020-06-01 modified 2020-06-02 plugin id 27529 published 2007-10-24 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27529 title openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-4574)
Statements
| contributor | Joshua Bressers |
| lastmodified | 2007-10-10 |
| organization | Red Hat |
| statement | Not vulnerable. This issue does not affect the versions of Firefox or Thunderbird as shipped with Red Hat Enterprise Linux. |
References
- http://bugzilla.mozilla.org/show_bug.cgi?id=389580
- http://www.mozilla.org/security/announce/2007/mfsa2007-27.html
- https://issues.rpath.com/browse/RPL-1600
- http://www.debian.org/security/2007/dsa-1344
- http://www.debian.org/security/2007/dsa-1345
- http://www.debian.org/security/2007/dsa-1346
- http://www.debian.org/security/2007/dsa-1391
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.010101
- http://www.ubuntu.com/usn/usn-493-1
- http://www.ubuntu.com/usn/usn-503-1
- http://secunia.com/advisories/26234
- http://secunia.com/advisories/26258
- http://secunia.com/advisories/26309
- http://secunia.com/advisories/26331
- http://secunia.com/advisories/26335
- http://secunia.com/advisories/26303
- http://secunia.com/advisories/26393
- http://secunia.com/advisories/26572
- http://secunia.com/advisories/27326
- http://secunia.com/advisories/27414
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
- http://secunia.com/advisories/28135
- https://bugzilla.mozilla.org/show_bug.cgi?id=389106
- http://www.mandriva.com/security/advisories?name=MDVSA-2007:047
- http://www.securityfocus.com/bid/25053
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:047
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
- http://www.vupen.com/english/advisories/2007/4256
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://www.vupen.com/english/advisories/2008/0082
- http://www.securityfocus.com/archive/1/475450/30/5550/threaded
- http://www.securityfocus.com/archive/1/475265/100/200/threaded