Launchpad.net

CVE 2007-3845

Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."

Related bugs and status

CVE-2007-3845 (Candidate) is related to these bugs:

Bug #112818: wrong pkgconfig dependencies break builds

Summary				In	Importance	Status
	112818	wrong pkgconfig dependencies break builds		firefox (Ubuntu)	High	Fix Released

Bug #123045: Launcher icon missing, red "X" displayed instead

Summary				In	Importance	Status
	123045	Launcher icon missing, red "X" displayed instead		gnome-panel (Ubuntu)	Low	Invalid
	123045	Launcher icon missing, red "X" displayed instead		firefox (Ubuntu)	Undecided	Fix Released

Bug #126110: [gutsy] menu item translations lost

Summary				In	Importance	Status
	126110	[gutsy] menu item translations lost		firefox (Ubuntu)	Undecided	Fix Released

Bug #129369: [Firefox] security update release 2.0.0.6 available from upstream

Summary				In	Importance	Status
	129369	[Firefox] security update release 2.0.0.6 available from upstream		firefox (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-3845

Related bugs and status

Related bugs

References