CVE-2007-4041

NameCVE-2007-4041
DescriptionMultiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1344-1, DSA-1345-1, DSA-1346-1, DTSA-51-1, DTSA-52-1, DTSA-53-1

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
iceapesourceetch1.0.10~pre070720-0etch3DSA-1346-1
iceapesourcelenny1.0.10~pre070720-0etch3+lenny1DTSA-52-1
iceapesource(unstable)1.1.5-1
iceweaselsourceetch2.0.0.6-0etch1DSA-1344-1
iceweaselsourcelenny2.0.0.6-0etch1+lenny1DTSA-53-1
iceweaselsource(unstable)2.0.0.6-1
xulrunnersourceetch1.8.0.13~pre070720-0etch3DSA-1345-1
xulrunnersourcelenny1.8.0.13~pre070720-0etch3+lenny1DTSA-51-1
xulrunnersource(unstable)1.8.1.9-1
Search for package or bug name: Reporting problems