Mozilla Firefox before 188.8.131.52, Thunderbird before 184.108.40.206 and 2.x
before 220.127.116.11, and SeaMonkey before 1.1.4 allow remote attackers to
execute arbitrary commands via certain vectors associated with
launching "a file handling program based on the file extension at the
end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states
that "it is still possible to launch a filetype handler based on
extension rather than the registered protocol handler."
Note:References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Disclaimer: The entry creation date may reflect when
the CVE-ID was allocated or reserved, and does not
necessarily indicate when this vulnerability was
discovered, shared with the affected vendor, publicly
disclosed, or updated in CVE.
This is an entry on the CVE
list, which standardizes names for security