Vulnerability-Lookup

CVE-2007-3670 (GCVE-0-2007-3670)

Vulnerability from cvelistv5 – Published: 2007-07-10 23:00 – Updated: 2024-08-07 14:28

Summary

Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2007/2473	vdb-entryx_refsource_VUPEN
	http://www.ubuntu.com/usn/usn-503-1	vendor-advisoryx_refsource_UBUNTU
	http://www.securitytracker.com/id?1018360	vdb-entryx_refsource_SECTRACK
	http://www.securitytracker.com/id?1018351	vdb-entryx_refsource_SECTRACK
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://blog.mozilla.com/security/2007/07/10/secur…	x_refsource_MISC
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/25984	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.us-cert.gov/cas/techalerts/TA07-199A.html	third-party-advisoryx_refsource_CERT
	http://secunia.com/advisories/28179	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/24837	vdb-entryx_refsource_BID
	http://msinfluentials.com/blogs/jesper/archive/20…	x_refsource_MISC
	http://secunia.com/advisories/26216	third-party-advisoryx_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://www.virusbtn.com/news/virus_news/2007/07_11.xml	x_refsource_MISC
	http://www.theregister.co.uk/2007/07/11/ie_firefo…	x_refsource_MISC
	http://labs.idefense.com/intelligence/vulnerabili…	third-party-advisoryx_refsource_IDEFENSE
	http://www.vupen.com/english/advisories/2007/2565	vdb-entryx_refsource_VUPEN
	http://www.mozilla.org/security/announce/2007/mfs…	x_refsource_CONFIRM
	http://secunia.com/advisories/26149	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/0082	vdb-entryx_refsource_VUPEN
	http://osvdb.org/38017	vdb-entryx_refsource_OSVDB
	http://www.mozilla.org/security/announce/2007/mfs…	x_refsource_CONFIRM
	http://www.kb.cert.org/vuls/id/358017	third-party-advisoryx_refsource_CERT-VN
	http://www.xs-sniper.com/sniperscope/IE-Pwns-Fire…	x_refsource_MISC
	http://www.vupen.com/english/advisories/2007/4272	vdb-entryx_refsource_VUPEN
	http://larholm.com/2007/07/10/internet-explorer-0…	x_refsource_MISC
	http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	ftp://ftp.slackware.com/pub/slackware/slackware-1…	x_refsource_CONFIRM
	http://archives.neohapsis.com/archives/fulldisclo…	mailing-listx_refsource_FULLDISC
	http://support.novell.com/techcenter/psdb/07d098f…	x_refsource_CONFIRM
	http://secunia.com/advisories/26258	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/28363	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/473276/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/26271	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/26204	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/26572	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/26096	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:28:51.407Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-2473",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2473"
          },
          {
            "name": "USN-503-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-503-1"
          },
          {
            "name": "1018360",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018360"
          },
          {
            "name": "1018351",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018351"
          },
          {
            "name": "HPSBUX02156",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/"
          },
          {
            "name": "HPSBUX02153",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "name": "MDKSA-2007:152",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
          },
          {
            "name": "25984",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25984"
          },
          {
            "name": "ie-firefoxurl-command-execution(35346)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35346"
          },
          {
            "name": "TA07-199A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-199A.html"
          },
          {
            "name": "28179",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28179"
          },
          {
            "name": "24837",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24837"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx"
          },
          {
            "name": "26216",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26216"
          },
          {
            "name": "SSRT061236",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.virusbtn.com/news/virus_news/2007/07_11.xml"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/"
          },
          {
            "name": "20070719 Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565"
          },
          {
            "name": "ADV-2007-2565",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2565"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html"
          },
          {
            "name": "26149",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26149"
          },
          {
            "name": "ADV-2008-0082",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0082"
          },
          {
            "name": "38017",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38017"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html"
          },
          {
            "name": "VU#358017",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/358017"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html"
          },
          {
            "name": "ADV-2007-4272",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4272"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/"
          },
          {
            "name": "SUSE-SA:2007:049",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
          },
          {
            "name": "SSRT061181",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt"
          },
          {
            "name": "20070710 Internet Explorer 0day exploit",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
          },
          {
            "name": "26258",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26258"
          },
          {
            "name": "28363",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28363"
          },
          {
            "name": "20070710 Internet Explorer 0day exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/473276/100/0/threaded"
          },
          {
            "name": "26271",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26271"
          },
          {
            "name": "26204",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26204"
          },
          {
            "name": "26572",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26572"
          },
          {
            "name": "26096",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26096"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-10T04:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe.  NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE\u0027s opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a \"defense in depth\" fix that will \"prevent IE from sending Firefox malicious data.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T00:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-2473",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2473"
        },
        {
          "name": "USN-503-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-503-1"
        },
        {
          "name": "1018360",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018360"
        },
        {
          "name": "1018351",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018351"
        },
        {
          "name": "HPSBUX02156",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/"
        },
        {
          "name": "HPSBUX02153",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
        },
        {
          "name": "MDKSA-2007:152",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
        },
        {
          "name": "25984",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25984"
        },
        {
          "name": "ie-firefoxurl-command-execution(35346)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35346"
        },
        {
          "name": "TA07-199A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-199A.html"
        },
        {
          "name": "28179",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28179"
        },
        {
          "name": "24837",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24837"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx"
        },
        {
          "name": "26216",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26216"
        },
        {
          "name": "SSRT061236",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.virusbtn.com/news/virus_news/2007/07_11.xml"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/"
        },
        {
          "name": "20070719 Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565"
        },
        {
          "name": "ADV-2007-2565",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2565"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html"
        },
        {
          "name": "26149",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26149"
        },
        {
          "name": "ADV-2008-0082",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0082"
        },
        {
          "name": "38017",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38017"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html"
        },
        {
          "name": "VU#358017",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/358017"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html"
        },
        {
          "name": "ADV-2007-4272",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4272"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/"
        },
        {
          "name": "SUSE-SA:2007:049",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
        },
        {
          "name": "SSRT061181",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt"
        },
        {
          "name": "20070710 Internet Explorer 0day exploit",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
        },
        {
          "name": "26258",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26258"
        },
        {
          "name": "28363",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28363"
        },
        {
          "name": "20070710 Internet Explorer 0day exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/473276/100/0/threaded"
        },
        {
          "name": "26271",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26271"
        },
        {
          "name": "26204",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26204"
        },
        {
          "name": "26572",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26572"
        },
        {
          "name": "26096",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26096"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3670",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe.  NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE\u0027s opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a \"defense in depth\" fix that will \"prevent IE from sending Firefox malicious data.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-2473",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2473"
            },
            {
              "name": "USN-503-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-503-1"
            },
            {
              "name": "1018360",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018360"
            },
            {
              "name": "1018351",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018351"
            },
            {
              "name": "HPSBUX02156",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
            },
            {
              "name": "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/",
              "refsource": "MISC",
              "url": "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/"
            },
            {
              "name": "HPSBUX02153",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
            },
            {
              "name": "MDKSA-2007:152",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
            },
            {
              "name": "25984",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25984"
            },
            {
              "name": "ie-firefoxurl-command-execution(35346)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35346"
            },
            {
              "name": "TA07-199A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-199A.html"
            },
            {
              "name": "28179",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28179"
            },
            {
              "name": "24837",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24837"
            },
            {
              "name": "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx",
              "refsource": "MISC",
              "url": "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx"
            },
            {
              "name": "26216",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26216"
            },
            {
              "name": "SSRT061236",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
            },
            {
              "name": "http://www.virusbtn.com/news/virus_news/2007/07_11.xml",
              "refsource": "MISC",
              "url": "http://www.virusbtn.com/news/virus_news/2007/07_11.xml"
            },
            {
              "name": "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/",
              "refsource": "MISC",
              "url": "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/"
            },
            {
              "name": "20070719 Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565"
            },
            {
              "name": "ADV-2007-2565",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2565"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html"
            },
            {
              "name": "26149",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26149"
            },
            {
              "name": "ADV-2008-0082",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0082"
            },
            {
              "name": "38017",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38017"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html"
            },
            {
              "name": "VU#358017",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/358017"
            },
            {
              "name": "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html",
              "refsource": "MISC",
              "url": "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html"
            },
            {
              "name": "ADV-2007-4272",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4272"
            },
            {
              "name": "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/",
              "refsource": "MISC",
              "url": "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/"
            },
            {
              "name": "SUSE-SA:2007:049",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
            },
            {
              "name": "SSRT061181",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
            },
            {
              "name": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt",
              "refsource": "CONFIRM",
              "url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt"
            },
            {
              "name": "20070710 Internet Explorer 0day exploit",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html"
            },
            {
              "name": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html",
              "refsource": "CONFIRM",
              "url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
            },
            {
              "name": "26258",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26258"
            },
            {
              "name": "28363",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28363"
            },
            {
              "name": "20070710 Internet Explorer 0day exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/473276/100/0/threaded"
            },
            {
              "name": "26271",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26271"
            },
            {
              "name": "26204",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26204"
            },
            {
              "name": "26572",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26572"
            },
            {
              "name": "26096",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26096"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3670",
    "datePublished": "2007-07-10T23:00:00.000Z",
    "dateReserved": "2007-07-10T04:00:00.000Z",
    "dateUpdated": "2024-08-07T14:28:51.407Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-QWP7-HH47-5G3H

Vulnerability from github – Published: 2022-05-03 03:18 – Updated: 2022-05-03 03:18

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-3670"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-07-10T19:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe.  NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE\u0027s opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a \"defense in depth\" fix that will \"prevent IE from sending Firefox malicious data.\"",
  "id": "GHSA-qwp7-hh47-5g3h",
  "modified": "2022-05-03T03:18:18Z",
  "published": "2022-05-03T03:18:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3670"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35346"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html"
    },
    {
      "type": "WEB",
      "url": "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows"
    },
    {
      "type": "WEB",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
    },
    {
      "type": "WEB",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
    },
    {
      "type": "WEB",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565"
    },
    {
      "type": "WEB",
      "url": "http://larholm.com/2007/07/10/internet-explorer-0day-exploit"
    },
    {
      "type": "WEB",
      "url": "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/38017"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25984"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26096"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26149"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26204"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26216"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26258"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26271"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26572"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28179"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28363"
    },
    {
      "type": "WEB",
      "url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/358017"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/473276/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/24837"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018351"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018360"
    },
    {
      "type": "WEB",
      "url": "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-503-1"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-199A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.virusbtn.com/news/virus_news/2007/07_11.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2473"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2565"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/4272"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0082"
    },
    {
      "type": "WEB",
      "url": "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-3670

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-3670

Aliases

CVE-2007-3670

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-3670",
    "description": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe.  NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE\u0027s opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a \"defense in depth\" fix that will \"prevent IE from sending Firefox malicious data.\"",
    "id": "GSD-2007-3670",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-3670.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-3670"
      ],
      "details": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe.  NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE\u0027s opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a \"defense in depth\" fix that will \"prevent IE from sending Firefox malicious data.\"",
      "id": "GSD-2007-3670",
      "modified": "2023-12-13T01:21:42.186310Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-3670",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe.  NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE\u0027s opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a \"defense in depth\" fix that will \"prevent IE from sending Firefox malicious data.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2007-2473",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2473"
          },
          {
            "name": "USN-503-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/usn-503-1"
          },
          {
            "name": "1018360",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018360"
          },
          {
            "name": "1018351",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018351"
          },
          {
            "name": "HPSBUX02156",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
          },
          {
            "name": "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/",
            "refsource": "MISC",
            "url": "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/"
          },
          {
            "name": "HPSBUX02153",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "name": "MDKSA-2007:152",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
          },
          {
            "name": "25984",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25984"
          },
          {
            "name": "ie-firefoxurl-command-execution(35346)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35346"
          },
          {
            "name": "TA07-199A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-199A.html"
          },
          {
            "name": "28179",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28179"
          },
          {
            "name": "24837",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/24837"
          },
          {
            "name": "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx",
            "refsource": "MISC",
            "url": "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx"
          },
          {
            "name": "26216",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26216"
          },
          {
            "name": "SSRT061236",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
          },
          {
            "name": "http://www.virusbtn.com/news/virus_news/2007/07_11.xml",
            "refsource": "MISC",
            "url": "http://www.virusbtn.com/news/virus_news/2007/07_11.xml"
          },
          {
            "name": "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/",
            "refsource": "MISC",
            "url": "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/"
          },
          {
            "name": "20070719 Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability",
            "refsource": "IDEFENSE",
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565"
          },
          {
            "name": "ADV-2007-2565",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2565"
          },
          {
            "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html",
            "refsource": "CONFIRM",
            "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html"
          },
          {
            "name": "26149",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26149"
          },
          {
            "name": "ADV-2008-0082",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0082"
          },
          {
            "name": "38017",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/38017"
          },
          {
            "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html",
            "refsource": "CONFIRM",
            "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html"
          },
          {
            "name": "VU#358017",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/358017"
          },
          {
            "name": "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html",
            "refsource": "MISC",
            "url": "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html"
          },
          {
            "name": "ADV-2007-4272",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/4272"
          },
          {
            "name": "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/",
            "refsource": "MISC",
            "url": "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/"
          },
          {
            "name": "SUSE-SA:2007:049",
            "refsource": "SUSE",
            "url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
          },
          {
            "name": "SSRT061181",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "name": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt",
            "refsource": "CONFIRM",
            "url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt"
          },
          {
            "name": "20070710 Internet Explorer 0day exploit",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html"
          },
          {
            "name": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html",
            "refsource": "CONFIRM",
            "url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
          },
          {
            "name": "26258",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26258"
          },
          {
            "name": "28363",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28363"
          },
          {
            "name": "20070710 Internet Explorer 0day exploit",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/473276/100/0/threaded"
          },
          {
            "name": "26271",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26271"
          },
          {
            "name": "26204",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26204"
          },
          {
            "name": "26572",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26572"
          },
          {
            "name": "26096",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26096"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3670"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe.  NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE\u0027s opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a \"defense in depth\" fix that will \"prevent IE from sending Firefox malicious data.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/"
            },
            {
              "name": "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html"
            },
            {
              "name": "24837",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/24837"
            },
            {
              "name": "25984",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/25984"
            },
            {
              "name": "20070719 Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability",
              "refsource": "IDEFENSE",
              "tags": [],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565"
            },
            {
              "name": "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/"
            },
            {
              "name": "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx",
              "refsource": "MISC",
              "tags": [],
              "url": "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx"
            },
            {
              "name": "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/"
            },
            {
              "name": "http://www.virusbtn.com/news/virus_news/2007/07_11.xml",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.virusbtn.com/news/virus_news/2007/07_11.xml"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html"
            },
            {
              "name": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt"
            },
            {
              "name": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
            },
            {
              "name": "MDKSA-2007:152",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
            },
            {
              "name": "SUSE-SA:2007:049",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
            },
            {
              "name": "USN-503-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-503-1"
            },
            {
              "name": "TA07-199A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-199A.html"
            },
            {
              "name": "VU#358017",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/358017"
            },
            {
              "name": "1018351",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018351"
            },
            {
              "name": "1018360",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018360"
            },
            {
              "name": "26096",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26096"
            },
            {
              "name": "26149",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26149"
            },
            {
              "name": "26216",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26216"
            },
            {
              "name": "26204",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26204"
            },
            {
              "name": "26271",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26271"
            },
            {
              "name": "26258",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26258"
            },
            {
              "name": "26572",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26572"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html"
            },
            {
              "name": "28179",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/28179"
            },
            {
              "name": "28363",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/28363"
            },
            {
              "name": "ADV-2007-4272",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/4272"
            },
            {
              "name": "ADV-2007-2473",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2473"
            },
            {
              "name": "ADV-2007-2565",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2565"
            },
            {
              "name": "ADV-2008-0082",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0082"
            },
            {
              "name": "38017",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/38017"
            },
            {
              "name": "20070710 Internet Explorer 0day exploit",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html"
            },
            {
              "name": "HPSBUX02156",
              "refsource": "HP",
              "tags": [],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
            },
            {
              "name": "HPSBUX02153",
              "refsource": "HP",
              "tags": [],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
            },
            {
              "name": "ie-firefoxurl-command-execution(35346)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35346"
            },
            {
              "name": "20070710 Internet Explorer 0day exploit",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/473276/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2021-07-23T15:06Z",
      "publishedDate": "2007-07-10T19:30Z"
    }
  }
}

CERTA-2007-AVI-318

Vulnerability from certfr_avis - Published: 2007-07-18 - Updated: 2007-08-27

Plusieurs vulnérabilités ont été identifiées dans Mozilla Firefox. Elles ont fait l'objet de l'alerte CERTA-2007-ALE-012. L'exploitation de celles-ci peuvent conduire une personne malveillante à exécuter du code arbitraire, à interrompre le service, ou à récupérer des informations confidentielles sur le système vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans Mozilla Firefox. Elles ont fait l'objet de l'alerte CERTA-2007-ALE-012. Parmi celles-ci :

le navigateur pourrait sous certaines conditions se fermer, ou dysfonctionner, suite à des corruptions de mémoire possibles ;
une situation de compétition existerait entre les deux fonctions addEventListener et setTimeout. L'exploitation de celle-ci permettrait d'injecter du code, de manière indirecte, dans le contexte d'un autre site (attaque XSS) ;
une situation de compétition permettrait de modifier le contenu des cadres about:blank de la page. L'exploitation de cette vulnérabilité modifie l'apparence d'un site, dans le cadre d'attaques par filoutage par exemple ;
il est possible d'appeler les fonctions de manipulation d'événements pour des éléments qui sont indépendants du document, ce qui laisse l'opportunité à des personnes malveillantes d'exécuter des commandes arbitraires avec les droits chrome ;
l'interprétation de certaines adresses réticulaires comprenant le caractère %00 ne serait pas cohérente avec celle effectuée par Microsoft. Cette vulnérabilité permet ainsi à une personne locale au système d'exécuter des programmes avec des privilèges plus élevés, comme ceux de l'administrateur ;
il est possible d'appeler Firefox par le biais d'Internet Explorer. Ce problème a été décrit en particulier dans le bulletin d'actualité CERTA-2007-ACT-028 ;
il est possible de contourner la politique du navigateur qui vérifie la cohérence entre les sources des éléments (Same-Origin Policy), en accédant à certaines données en cache par le biais de la commande wyciwyg://. Une personne malveillante peut ainsi avoir accès à des informations confidentielles ou corrompre les fichiers en cache ;
il serait possible, par le biais du navigateur, de modifier XPCNativeWrapper afin d'exécuter à la place un code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur Mozilla pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Les versions de Mozilla Firefox antérieures à 2.0.0.5.

References

Title

Publication Time

FKIE_CVE-2007-3670

Vulnerability from fkie_nvd - Published: 2007-07-10 19:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html
cve@mitre.org	http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/
cve@mitre.org	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
cve@mitre.org	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
cve@mitre.org	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565
cve@mitre.org	http://larholm.com/2007/07/10/internet-explorer-0day-exploit/
cve@mitre.org	http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx
cve@mitre.org	http://osvdb.org/38017
cve@mitre.org	http://secunia.com/advisories/25984	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/26096	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/26149	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/26204	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/26216	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/26258	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/26271	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/26572	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28179
cve@mitre.org	http://secunia.com/advisories/28363
cve@mitre.org	http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html
cve@mitre.org	http://www.kb.cert.org/vuls/id/358017	US Government Resource
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
cve@mitre.org	http://www.mozilla.org/security/announce/2007/mfsa2007-23.html
cve@mitre.org	http://www.mozilla.org/security/announce/2007/mfsa2007-40.html
cve@mitre.org	http://www.novell.com/linux/security/advisories/2007_49_mozilla.html
cve@mitre.org	http://www.securityfocus.com/archive/1/473276/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/24837
cve@mitre.org	http://www.securitytracker.com/id?1018351
cve@mitre.org	http://www.securitytracker.com/id?1018360
cve@mitre.org	http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/
cve@mitre.org	http://www.ubuntu.com/usn/usn-503-1
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA07-199A.html	US Government Resource
cve@mitre.org	http://www.virusbtn.com/news/virus_news/2007/07_11.xml
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2473
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2565
cve@mitre.org	http://www.vupen.com/english/advisories/2007/4272
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0082
cve@mitre.org	http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/35346
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html
af854a3a-2127-422b-91ae-364da2661108	http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/
af854a3a-2127-422b-91ae-364da2661108	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
af854a3a-2127-422b-91ae-364da2661108	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565
af854a3a-2127-422b-91ae-364da2661108	http://larholm.com/2007/07/10/internet-explorer-0day-exploit/
af854a3a-2127-422b-91ae-364da2661108	http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/38017
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25984	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26096	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26149	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26204	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26216	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26258	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26271	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26572	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28179
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28363
af854a3a-2127-422b-91ae-364da2661108	http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/358017	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
af854a3a-2127-422b-91ae-364da2661108	http://www.mozilla.org/security/announce/2007/mfsa2007-23.html
af854a3a-2127-422b-91ae-364da2661108	http://www.mozilla.org/security/announce/2007/mfsa2007-40.html
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2007_49_mozilla.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/473276/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24837
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018351
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018360
af854a3a-2127-422b-91ae-364da2661108	http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-503-1
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA07-199A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.virusbtn.com/news/virus_news/2007/07_11.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2473
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2565
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/4272
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0082
af854a3a-2127-422b-91ae-364da2661108	http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/35346

Impacted products

Vendor	Product	Version
microsoft	internet_explorer	6
microsoft	internet_explorer	6
microsoft	internet_explorer	7.0
microsoft	internet_explorer	7.0
microsoft	internet_explorer	7.0
microsoft	internet_explorer	7.0
mozilla	firefox	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
              "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "ED471260-0272-431F-A91E-AC2883D92497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "63D18070-EC48-4904-9AE0-558F7F3B869D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "86584E3F-3B0D-4018-A186-E59F3B01CA5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "14E6A30E-7577-4569-9309-53A0AF7FE3AC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe.  NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE\u0027s opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a \"defense in depth\" fix that will \"prevent IE from sending Firefox malicious data.\""
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de inyecci\u00f3n de argumentos en Microsoft Internet Explorer, cuando es ejecutado en sistemas con Firefox instalado y ciertos URIs registrados, permiten a atacantes remotos conducir ataques de tipo cross-browser scripting y ejecutar comandos arbitrarios por medio de metacaracteres de shell en un URI (1) FirefoxURL o (2) FirefoxHTML, que son insertadas en la l\u00ednea de comandos que son creadas cuando se invoca el archivo firefox.exe. NOTA: se ha debatido si el problema est\u00e1 en Internet Explorer o Firefox. A partir de 20070711, la opini\u00f3n de este CVE es que IE parece estar fallando en la delimitaci\u00f3n apropiada del argumento de la URL al invocar a Firefox, y este problema podr\u00eda surgir tambi\u00e9n con otros manejadores de protocolos en IE. Sin embargo, Mozilla ha declarado que abordar\u00e1 el problema con una \"defense in depth\" que \"prevent IE from sending Firefox malicious data.\""
    }
  ],
  "evaluatorImpact": "Successful exploit requires that Mozilla Firefox is installed.",
  "id": "CVE-2007-3670",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-07-10T19:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/38017"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25984"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26096"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26149"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26204"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26216"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26258"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26271"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26572"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28179"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28363"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/358017"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/473276/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24837"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018351"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018360"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-503-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-199A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.virusbtn.com/news/virus_news/2007/07_11.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2473"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2565"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4272"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0082"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35346"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/38017"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25984"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26096"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26149"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26204"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26258"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26271"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26572"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28363"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/358017"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/473276/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24837"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018360"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-503-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-199A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.virusbtn.com/news/virus_news/2007/07_11.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2473"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2565"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35346"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-3670 (GCVE-0-2007-3670)

GHSA-QWP7-HH47-5G3H

GSD-2007-3670

CERTA-2007-AVI-318

Description

Solution

FKIE_CVE-2007-3670

Tags

Sightings

Nomenclature