Multiple Argument Injection Vulnerabilities in Mozilla Firefox by Mozilla
CVE-2007-4041

Currently unrated

Key Information:

Vendor

Microsoft
Status
Internet Explorer
Firefox
Vendor
CVE Published:
27 July 2007

What is CVE-2007-4041?

Mozilla Firefox versions 2.0.0.5 and 3.0alpha are susceptible to multiple argument injection vulnerabilities that allow remote attackers to execute arbitrary commands. By exploiting specially crafted mailto, nntp, news, snews, or telnet URIs containing a NULL byte (%00) and shell metacharacters, attackers can manipulate the application's behavior, leading to unauthorized command execution. This vulnerability poses a significant risk and serves as a concerning reminder of the importance of secure coding practices.

References

http://xs-sniper.com/blog/2007/07/24/remote-command-execu...
x_refsource_MISC
http://www.securityfocus.com/bid/25053
vdb-entryx_refsource_BID
http://xs-sniper.com/blog/remote-command-exec-firefox-2005/
x_refsource_MISC

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.