CVE - CVE-2007-3285

CVE-ID
CVE-2007-3285	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:24447 URL:http://www.securityfocus.com/bid/24447 CONFIRM:ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt CONFIRM:http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html CONFIRM:http://www.mozilla.org/security/announce/2007/mfsa2007-22.html HP:HPSBUX02153 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 HP:SSRT061181 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 MANDRIVA:MDKSA-2007:152 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:152~~ (Obsolete source) MISC:http://www.0x000000.com/?i=333 MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=383478 OSVDB:38032 URL:~~http://osvdb.org/38032~~ (Obsolete source) SECTRACK:1018413 URL:http://www.securitytracker.com/id?1018413 SECUNIA:26072 URL:http://secunia.com/advisories/26072 SECUNIA:26149 URL:http://secunia.com/advisories/26149 SECUNIA:26204 URL:http://secunia.com/advisories/26204 SECUNIA:26216 URL:http://secunia.com/advisories/26216 SECUNIA:26258 URL:http://secunia.com/advisories/26258 SECUNIA:26271 URL:http://secunia.com/advisories/26271 SECUNIA:28135 URL:http://secunia.com/advisories/28135 SUNALERT:103177 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1~~ (Obsolete source) SUNALERT:201516 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1~~ (Obsolete source) SUSE:SUSE-SA:2007:049 URL:http://www.novell.com/linux/security/advisories/2007_49_mozilla.html UBUNTU:USN-490-1 URL:http://www.ubuntu.com/usn/usn-490-1 VUPEN:ADV-2007-4256 URL:~~http://www.vupen.com/english/advisories/2007/4256~~ (Obsolete source)
Assigning CNA
Red Hat, Inc.
Date Record Created
20070620	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070620)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)