PublicDate: 2007-08-08 01:17:00 UTC
Candidate: CVE-2007-3845
References:
 https://ubuntu.com/security/notices/USN-493-1
 https://ubuntu.com/security/notices/USN-503-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3845
Description:
 Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before
 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute
 arbitrary commands via certain vectors associated with launching "a file
 handling program based on the file extension at the end of the URI," a
 variant of CVE-2007-4041.  NOTE: the vendor states that "it is still
 possible to launch a filetype handler based on extension rather than the
 registered protocol handler."
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
dapper_midbrowser: DNE
edgy_midbrowser: DNE
feisty_midbrowser: DNE
devel_midbrowser: released (0.1.6b-0ubuntu2)
dapper_mozilla-thunderbird: released (1.5.0.13-0ubuntu0.6.06)
edgy_mozilla-thunderbird: released (1.5.0.13-0ubuntu0.6.10)
feisty_mozilla-thunderbird: released (1.5.0.13-0ubuntu0.7.04)
devel_mozilla-thunderbird: DNE
dapper_firefox: released (1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1)
edgy_firefox: released (2.0.0.6+0dfsg-0ubuntu0.6.10)
feisty_firefox: released (2.0.0.6+1-0ubuntu1)
devel_firefox: not-affected
dapper_iceape: DNE
edgy_iceape: DNE
feisty_iceape: DNE
devel_iceape: released (1.1.4-1ubuntu2)
upstream_firefox: needs-triage
upstream_iceape: needs-triage
upstream_midbrowser: needs-triage
upstream_mozilla-thunderbird: needs-triage