Upstream information
Description
Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."
SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having critical severity.
National Vulnerability Database | |
---|---|
Base Score | 9.3 |
Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | Complete |
Integrity Impact | Complete |
Availability Impact | Complete |
- SUSE-SA:2007:057, published Thu, 25 Oct 2007 18:00:00 +0000
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE LINUX 10.0 | | |
SUSE LINUX Retail Solution 8; SuSE Linux Enterprise Server 8 for AMD64; SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries; SuSE Linux Enterprise Server 8 for IBM zSeries; SuSE Linux Enterprise Server 8 for IPF; SuSE Linux Openexchange Server 4; SuSE Linux School Server for i386; SuSE Linux Standard Server 8; UnitedLinux 1.0 | | slrs8.x86 ul1.s390 YOU Patch Nr: 11935 |
SUSE LINUX 10.1 | | |
Novell Linux Desktop 9 for x86; Novell Linux Desktop 9 for x86_64 | | Builds YOU Patch Nr: 11927 |
SUSE LINUX 10.1 | | |
Novell Linux Desktop 9 for x86 | | sles9-nld.x86-64 sles9-nld.x86 core9.x86 core9.s390 YOU Patch Nr: 11944 |
Novell Linux Desktop 9 for x86_64 | | sles9-nld.x86-64 sles9-nld.x86 core9.x86 core9.s390 YOU Patch Nr: 11944 |
Open Enterprise Server | | sles9-nld.x86-64 sles9-nld.x86 core9.x86 core9.s390 YOU Patch Nr: 11944 |
SUSE LINUX 10.0 |
|