CVE-2007-3285
Publication date 20 June 2007
Last updated 17 July 2025
Ubuntu priority
Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would.
Status
Package | Ubuntu Release | Status |
---|---|---|
firefox | 7.04 feisty |
Fixed 2.0.0.6+1-0ubuntu1
|
6.10 edgy |
Fixed 2.0.0.6+0dfsg-0ubuntu0.6.10
|
|
6.06 LTS dapper |
Fixed 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1
|
|
iceape | 7.04 feisty | Not in release |
6.10 edgy | Not in release | |
6.06 LTS dapper | Not in release | |
midbrowser | 7.04 feisty | Not in release |
6.10 edgy | Not in release | |
6.06 LTS dapper | Not in release |