CVE-2007-3285 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-3285
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-3285

Description: Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-490-1 SUSE http://www.novell.com/linux/security/advisories/2007_49_mozilla.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1 ST 1018413 SAID Secunia Advisory: SA26149 Secunia Advisory: SA26072 Secunia Advisory: SA26216 Secunia Advisory: SA26204 Secunia Advisory: SA26271 Secunia Advisory: SA26258 Secunia Advisory: SA28135 OSVDB 38032 MISC http://www.0x000000.com/?i=333 MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:152 HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 CONFIRM http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html http://www.mozilla.org/security/announce/2007/mfsa2007-22.html BID 24447

Return to the previous page.