Argument Injection Vulnerability in Microsoft Internet Explorer with SeaMonkey
CVE-2007-3954

Currently unrated

Key Information:

Vendor
Mozilla
Status
Seamonkey
Internet Explorer
Vendor
CVE Published:
24 July 2007

Summary

This vulnerability allows remote attackers to exploit an argument injection flaw in Microsoft Internet Explorer when installed alongside SeaMonkey. By manipulating shell metacharacters in a 'mailto' URI, attackers can perform cross-browser scripting attacks and execute arbitrary commands. This issue arises due to how commands are processed when invoking SeaMonkey.exe, particularly when specific URIs are registered on affected systems. This situation highlights the potential risks of misconfigured browser interactions and the importance of applying security measures to safeguard against such threats. Further details can be found through related vulnerability resources.

References

http://larholm.com/2007/07/23/seamonkey-suite-affected-by...
x_refsource_MISC
http://www.securityfocus.com/bid/25021
vdb-entryx_refsource_BID

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.
CVE-2007-3954 : Argument Injection Vulnerability in Microsoft Internet Explorer with SeaMonkey | SecurityVulnerability.io