Cross-browser Scripting Vulnerability in Microsoft Internet Explorer Affecting Firefox
CVE-2007-3670

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Explorer; Firefox
Vendor: CVE Published:; 10 July 2007

What is CVE-2007-3670?

An argument injection vulnerability exists in Microsoft Internet Explorer that can be exploited when running Firefox on the same system and with certain URIs registered. This flaw enables remote attackers to perform cross-browser scripting attacks, allowing the execution of arbitrary commands via maliciously crafted FirefoxURL or FirefoxHTML URIs. The underlying issue stems from Internet Explorer's improper handling of URL arguments during the invocation of Firefox, raising questions about protocol handler validation. Mozilla has committed to implementing a defense-in-depth solution to mitigate this risk.

References

http://www.vupen.com/english/advisories/2007/2473

vdb-entryx_refsource_VUPEN

http://www.ubuntu.com/usn/usn-503-1

vendor-advisoryx_refsource_UBUNTU

http://www.securitytracker.com/id?1018360

vdb-entryx_refsource_SECTRACK

EPSS Score

49% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2007
Vulnerability Reserved
Jul 10, 2007