CVE-2007-4841

Description

Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.

Read the notes from the security team

• How can I get the fixes?
• What do statuses mean?

Notes

References

• MITRE
• NVD
• Launchpad
• Debian

Other references

• http://www.mozilla.org/security/announce/2007/mfsa2007-36.html
• https://www.cve.org/CVERecord?id=CVE-2007-4841