Vulnerability-Lookup

CVE-2007-3285 (GCVE-0-2007-3285)

Vulnerability from cvelistv5 – Published: 2007-06-20 23:00 – Updated: 2024-08-07 14:14

Summary

Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.ubuntu.com/usn/usn-490-1	vendor-advisoryx_refsource_UBUNTU
	https://bugzilla.mozilla.org/show_bug.cgi?id=383478	x_refsource_MISC
	http://www.mozilla.org/security/announce/2007/mfs…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2007/4256	vdb-entryx_refsource_VUPEN
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.securitytracker.com/id?1018413	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/24447	vdb-entryx_refsource_BID
	http://secunia.com/advisories/28135	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/26216	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/26072	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/26149	third-party-advisoryx_refsource_SECUNIA
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	http://osvdb.org/38032	vdb-entryx_refsource_OSVDB
	http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	ftp://ftp.slackware.com/pub/slackware/slackware-1…	x_refsource_CONFIRM
	http://support.novell.com/techcenter/psdb/07d098f…	x_refsource_CONFIRM
	http://secunia.com/advisories/26258	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/26271	third-party-advisoryx_refsource_SECUNIA
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	http://secunia.com/advisories/26204	third-party-advisoryx_refsource_SECUNIA
	http://www.0x000000.com/?i=333	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:14:12.778Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-490-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-490-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=383478"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-22.html"
          },
          {
            "name": "ADV-2007-4256",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4256"
          },
          {
            "name": "HPSBUX02153",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "name": "MDKSA-2007:152",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
          },
          {
            "name": "1018413",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018413"
          },
          {
            "name": "24447",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24447"
          },
          {
            "name": "28135",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28135"
          },
          {
            "name": "26216",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26216"
          },
          {
            "name": "26072",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26072"
          },
          {
            "name": "26149",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26149"
          },
          {
            "name": "103177",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1"
          },
          {
            "name": "38032",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38032"
          },
          {
            "name": "SUSE-SA:2007:049",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
          },
          {
            "name": "SSRT061181",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
          },
          {
            "name": "26258",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26258"
          },
          {
            "name": "26271",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26271"
          },
          {
            "name": "201516",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1"
          },
          {
            "name": "26204",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26204"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.0x000000.com/?i=333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-06T04:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-07-19T13:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-490-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-490-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=383478"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-22.html"
        },
        {
          "name": "ADV-2007-4256",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4256"
        },
        {
          "name": "HPSBUX02153",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
        },
        {
          "name": "MDKSA-2007:152",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
        },
        {
          "name": "1018413",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018413"
        },
        {
          "name": "24447",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24447"
        },
        {
          "name": "28135",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28135"
        },
        {
          "name": "26216",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26216"
        },
        {
          "name": "26072",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26072"
        },
        {
          "name": "26149",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26149"
        },
        {
          "name": "103177",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1"
        },
        {
          "name": "38032",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38032"
        },
        {
          "name": "SUSE-SA:2007:049",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
        },
        {
          "name": "SSRT061181",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
        },
        {
          "name": "26258",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26258"
        },
        {
          "name": "26271",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26271"
        },
        {
          "name": "201516",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1"
        },
        {
          "name": "26204",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26204"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.0x000000.com/?i=333"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2007-3285",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-490-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-490-1"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=383478",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=383478"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-22.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-22.html"
            },
            {
              "name": "ADV-2007-4256",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4256"
            },
            {
              "name": "HPSBUX02153",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
            },
            {
              "name": "MDKSA-2007:152",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
            },
            {
              "name": "1018413",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018413"
            },
            {
              "name": "24447",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24447"
            },
            {
              "name": "28135",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28135"
            },
            {
              "name": "26216",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26216"
            },
            {
              "name": "26072",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26072"
            },
            {
              "name": "26149",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26149"
            },
            {
              "name": "103177",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1"
            },
            {
              "name": "38032",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38032"
            },
            {
              "name": "SUSE-SA:2007:049",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
            },
            {
              "name": "SSRT061181",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
            },
            {
              "name": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt",
              "refsource": "CONFIRM",
              "url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt"
            },
            {
              "name": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html",
              "refsource": "CONFIRM",
              "url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
            },
            {
              "name": "26258",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26258"
            },
            {
              "name": "26271",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26271"
            },
            {
              "name": "201516",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1"
            },
            {
              "name": "26204",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26204"
            },
            {
              "name": "http://www.0x000000.com/?i=333",
              "refsource": "MISC",
              "url": "http://www.0x000000.com/?i=333"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-3285",
    "datePublished": "2007-06-20T23:00:00.000Z",
    "dateReserved": "2007-06-20T04:00:00.000Z",
    "dateUpdated": "2024-08-07T14:14:12.778Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2007-3285

Vulnerability from fkie_nvd - Published: 2007-06-20 19:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt
secalert@redhat.com	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
secalert@redhat.com	http://osvdb.org/38032
secalert@redhat.com	http://secunia.com/advisories/26072	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/26149	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/26204	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/26216	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/26258	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/26271	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/28135	Vendor Advisory
secalert@redhat.com	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
secalert@redhat.com	http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
secalert@redhat.com	http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html
secalert@redhat.com	http://www.0x000000.com/?i=333
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
secalert@redhat.com	http://www.mozilla.org/security/announce/2007/mfsa2007-22.html
secalert@redhat.com	http://www.novell.com/linux/security/advisories/2007_49_mozilla.html
secalert@redhat.com	http://www.securityfocus.com/bid/24447	Exploit
secalert@redhat.com	http://www.securitytracker.com/id?1018413
secalert@redhat.com	http://www.ubuntu.com/usn/usn-490-1
secalert@redhat.com	http://www.vupen.com/english/advisories/2007/4256	Vendor Advisory
secalert@redhat.com	https://bugzilla.mozilla.org/show_bug.cgi?id=383478
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt
af854a3a-2127-422b-91ae-364da2661108	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/38032
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26072	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26149	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26204	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26216	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26258	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26271	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28135	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
af854a3a-2127-422b-91ae-364da2661108	http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html
af854a3a-2127-422b-91ae-364da2661108	http://www.0x000000.com/?i=333
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
af854a3a-2127-422b-91ae-364da2661108	http://www.mozilla.org/security/announce/2007/mfsa2007-22.html
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2007_49_mozilla.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24447	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018413
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-490-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/4256	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=383478

Impacted products

Vendor	Product	Version
microsoft	windows	*
mozilla	firefox	*
mozilla	firefox	0.8
mozilla	firefox	0.9
mozilla	firefox	0.9.1
mozilla	firefox	0.9.2
mozilla	firefox	0.9.3
mozilla	firefox	0.10
mozilla	firefox	0.10.1
mozilla	firefox	1.0
mozilla	firefox	1.0.1
mozilla	firefox	1.0.2
mozilla	firefox	1.0.3
mozilla	firefox	1.0.4
mozilla	firefox	1.0.5
mozilla	firefox	1.0.6
mozilla	firefox	1.0.7
mozilla	firefox	1.0.8
mozilla	firefox	1.5
mozilla	firefox	1.5.0.1
mozilla	firefox	1.5.0.2
mozilla	firefox	1.5.0.3
mozilla	firefox	1.5.0.4
mozilla	firefox	1.5.0.5
mozilla	firefox	1.5.0.6
mozilla	firefox	1.5.0.7
mozilla	firefox	1.5.0.8
mozilla	firefox	1.5.0.9
mozilla	firefox	1.5.0.10
mozilla	firefox	1.5.0.11
mozilla	firefox	1.5.1
mozilla	firefox	1.5.2
mozilla	firefox	1.5.3
mozilla	firefox	1.5.4
mozilla	firefox	1.5.5
mozilla	firefox	1.5.6
mozilla	firefox	1.5.7
mozilla	firefox	1.5.8
mozilla	firefox	2.0
mozilla	firefox	2.0
mozilla	firefox	2.0
mozilla	firefox	2.0
mozilla	firefox	2.0.0.1
mozilla	firefox	2.0.0.2
mozilla	firefox	2.0.0.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C99BB6C8-1877-4B70-B6EF-952E200ABABE",
              "versionEndIncluding": "2.0.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2434FCE7-A50B-4527-9970-C7224B31141C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "567FF916-7DE0-403C-8528-7931A43E0D18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "010B34F4-910E-4515-990B-8E72DF009578",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A545A77-2198-4685-A87F-E0F2DAECECF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7447185-7509-449D-8907-F30A42CF7EB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FFF89FA-2020-43CC-BACD-D66117B3DD26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "834BB391-5EB5-43A8-980A-D305EDAE6FA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A38AD88-BAA6-4FBE-885B-69E951BD1EFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B500EE6C-99DB-49A3-A1F1-AFFD7FE28068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F2938F2-A801-45E5-8E06-BE03DE03C8A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABB88E86-6E83-4A59-9266-8B98AA91774D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D6BF5B1-86D1-47FE-9D9C-735718F94874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "84D15CE0-69DF-4EFD-801E-96A4D6AABEDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE203DE-6C0E-4FDE-9C3A-0E73430F17DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F38886-C25A-4C6B-93E7-36461405BA99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C65D2670-F37F-48CB-804A-D35BB1C27D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE8E5194-7B34-4802-BDA6-6A86EB5EDE05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABA5F56-99F7-4F8F-9CC1-5B0B2EB72922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2917BD67-CE81-4B94-B241-D4A9DDA60319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A524A94E-F19B-42B9-AA8E-171751C339AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F71436CF-F756-44E0-8E69-6951F6B3E54A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "582EE839-B83F-4908-9780-D0C92DC44FD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCB35099-B04E-4796-A25D-953329FE62F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DBEBCFD-80D6-466A-BAEF-C75E65A3B12E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C30ACBCA-4FA1-46DE-8F15-4830BC27E160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9453EF65-7C69-449E-BF7C-4FECFB56713E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AA75825-21CF-475B-8040-126A13FA2216",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA97C80E-17FA-4866-86CE-29886145ED80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DE24BED-202E-416D-B5F2-8207D97B9939",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "04198E04-CE1D-4A5A-A20C-D1E135B45F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3487FA64-BE04-42CA-861E-3DAC097D7D32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A956C036-1E47-49B2-A971-69868A510B75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F5AA254D-D41E-464F-9E2A-A950F08C6946",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "B05D2655-6641-42BE-9793-30005AC9D40D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D956DC-C73B-439F-8D79-8239207CC76F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57E2C7E7-56C0-466C-BB08-5EB43922C4F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "462E135A-5616-46CC-A9C0-5A7A0526ACC6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would."
    },
    {
      "lang": "es",
      "value": "Mozilla Firefox versiones anteriores a 2.0.0.5, cuando se ejecuta en Windows, permite a atacantes remotos omitir las comprobaciones del tipo de archivo y posiblemente ejecutar programas por medio de un URI (1) file:/// o (2) resource: con una extensi\u00f3n peligrosa, seguido de un byte NULL (%00) y una extensi\u00f3n m\u00e1s segura, lo que hace que Firefox trate el archivo solicitado de manera diferente a como lo har\u00eda Windows."
    }
  ],
  "id": "CVE-2007-3285",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-06-20T19:30:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/38032"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26072"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26149"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26204"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26216"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26258"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26271"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28135"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.0x000000.com/?i=333"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-22.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/24447"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1018413"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-490-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/4256"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=383478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/38032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26149"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26204"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26258"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26271"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.0x000000.com/?i=333"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-22.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/24447"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018413"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-490-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/4256"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=383478"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-FCRM-W52M-C99V

Vulnerability from github – Published: 2022-05-03 03:18 – Updated: 2022-05-03 03:18

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-3285"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-06-20T19:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would.",
  "id": "GHSA-fcrm-w52m-c99v",
  "modified": "2022-05-03T03:18:13Z",
  "published": "2022-05-03T03:18:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3285"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=383478"
    },
    {
      "type": "WEB",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/38032"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26072"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26149"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26204"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26216"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26258"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26271"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28135"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1"
    },
    {
      "type": "WEB",
      "url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
    },
    {
      "type": "WEB",
      "url": "http://www.0x000000.com/?i=333"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-22.html"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/24447"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018413"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-490-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/4256"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2007-AVI-318

Vulnerability from certfr_avis - Published: 2007-07-18 - Updated: 2007-08-27

Plusieurs vulnérabilités ont été identifiées dans Mozilla Firefox. Elles ont fait l'objet de l'alerte CERTA-2007-ALE-012. L'exploitation de celles-ci peuvent conduire une personne malveillante à exécuter du code arbitraire, à interrompre le service, ou à récupérer des informations confidentielles sur le système vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans Mozilla Firefox. Elles ont fait l'objet de l'alerte CERTA-2007-ALE-012. Parmi celles-ci :

le navigateur pourrait sous certaines conditions se fermer, ou dysfonctionner, suite à des corruptions de mémoire possibles ;
une situation de compétition existerait entre les deux fonctions addEventListener et setTimeout. L'exploitation de celle-ci permettrait d'injecter du code, de manière indirecte, dans le contexte d'un autre site (attaque XSS) ;
une situation de compétition permettrait de modifier le contenu des cadres about:blank de la page. L'exploitation de cette vulnérabilité modifie l'apparence d'un site, dans le cadre d'attaques par filoutage par exemple ;
il est possible d'appeler les fonctions de manipulation d'événements pour des éléments qui sont indépendants du document, ce qui laisse l'opportunité à des personnes malveillantes d'exécuter des commandes arbitraires avec les droits chrome ;
l'interprétation de certaines adresses réticulaires comprenant le caractère %00 ne serait pas cohérente avec celle effectuée par Microsoft. Cette vulnérabilité permet ainsi à une personne locale au système d'exécuter des programmes avec des privilèges plus élevés, comme ceux de l'administrateur ;
il est possible d'appeler Firefox par le biais d'Internet Explorer. Ce problème a été décrit en particulier dans le bulletin d'actualité CERTA-2007-ACT-028 ;
il est possible de contourner la politique du navigateur qui vérifie la cohérence entre les sources des éléments (Same-Origin Policy), en accédant à certaines données en cache par le biais de la commande wyciwyg://. Une personne malveillante peut ainsi avoir accès à des informations confidentielles ou corrompre les fichiers en cache ;
il serait possible, par le biais du navigateur, de modifier XPCNativeWrapper afin d'exécuter à la place un code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur Mozilla pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Les versions de Mozilla Firefox antérieures à 2.0.0.5.

References

Title

Publication Time

GSD-2007-3285

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-3285

Aliases

CVE-2007-3285

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-3285",
    "description": "Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would.",
    "id": "GSD-2007-3285",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-3285.html",
      "https://www.debian.org/security/2007/dsa-1337",
      "https://packetstormsecurity.com/files/cve/CVE-2007-3285"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-3285"
      ],
      "details": "Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would.",
      "id": "GSD-2007-3285",
      "modified": "2023-12-13T01:21:42.209116Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2007-3285",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "USN-490-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/usn-490-1"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=383478",
            "refsource": "MISC",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=383478"
          },
          {
            "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-22.html",
            "refsource": "CONFIRM",
            "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-22.html"
          },
          {
            "name": "ADV-2007-4256",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/4256"
          },
          {
            "name": "HPSBUX02153",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "name": "MDKSA-2007:152",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
          },
          {
            "name": "1018413",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018413"
          },
          {
            "name": "24447",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/24447"
          },
          {
            "name": "28135",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28135"
          },
          {
            "name": "26216",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26216"
          },
          {
            "name": "26072",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26072"
          },
          {
            "name": "26149",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26149"
          },
          {
            "name": "103177",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1"
          },
          {
            "name": "38032",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/38032"
          },
          {
            "name": "SUSE-SA:2007:049",
            "refsource": "SUSE",
            "url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
          },
          {
            "name": "SSRT061181",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "name": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt",
            "refsource": "CONFIRM",
            "url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt"
          },
          {
            "name": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html",
            "refsource": "CONFIRM",
            "url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
          },
          {
            "name": "26258",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26258"
          },
          {
            "name": "26271",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26271"
          },
          {
            "name": "201516",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1"
          },
          {
            "name": "26204",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26204"
          },
          {
            "name": "http://www.0x000000.com/?i=333",
            "refsource": "MISC",
            "url": "http://www.0x000000.com/?i=333"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.0.0.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2007-3285"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.0x000000.com/?i=333",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.0x000000.com/?i=333"
            },
            {
              "name": "24447",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/24447"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=383478",
              "refsource": "MISC",
              "tags": [],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=383478"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-22.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-22.html"
            },
            {
              "name": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt"
            },
            {
              "name": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
            },
            {
              "name": "MDKSA-2007:152",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
            },
            {
              "name": "SUSE-SA:2007:049",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
            },
            {
              "name": "USN-490-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-490-1"
            },
            {
              "name": "1018413",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018413"
            },
            {
              "name": "26149",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26149"
            },
            {
              "name": "26072",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26072"
            },
            {
              "name": "26216",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26216"
            },
            {
              "name": "26204",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26204"
            },
            {
              "name": "26271",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26271"
            },
            {
              "name": "26258",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26258"
            },
            {
              "name": "103177",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1"
            },
            {
              "name": "28135",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28135"
            },
            {
              "name": "201516",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1"
            },
            {
              "name": "38032",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/38032"
            },
            {
              "name": "HPSBUX02153",
              "refsource": "HP",
              "tags": [],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
            },
            {
              "name": "ADV-2007-4256",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/4256"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2019-10-09T22:53Z",
      "publishedDate": "2007-06-20T19:30Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-3285 (GCVE-0-2007-3285)

FKIE_CVE-2007-3285

GHSA-FCRM-W52M-C99V

CERTA-2007-AVI-318

Description

Solution

GSD-2007-3285

Tags

Sightings

Nomenclature