Mozilla Firefox 2.0.0.6 Unspecified Protocol Handling Command Injection Vulnerability
Publish Date: 21 Juli 2015
Schweregrad:: Kritisch
CVE Kennungen:: CVE-2007-4841
Hinweisdatum: 21 Juli 2015
Beschreibung
Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.
Trend Micro Lösungen
Apply associated Trend Micro DPI Rules.
Lösungen
Trend Micro Deep Security DPI Rule Number: 1001032
Trend Micro Deep Security DPI Rule Name: 1001032 - Microsoft Windows URI Handler Registration Vulnerability
Betroffene Software und Version:
- Mozilla Firefox 2.0.0.8
- Mozilla SeaMonkey 1.1.5
- Mozilla Thunderbird 2.0.0.8