| Name | CVE-2007-4041 |
| Description | Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-1344-1, DSA-1345-1, DSA-1346-1, DTSA-51-1, DTSA-52-1, DTSA-53-1 |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| iceape | source | etch | 1.0.10~pre070720-0etch3 | DSA-1346-1 | ||
| iceape | source | lenny | 1.0.10~pre070720-0etch3+lenny1 | DTSA-52-1 | ||
| iceape | source | (unstable) | 1.1.5-1 | |||
| iceweasel | source | etch | 2.0.0.6-0etch1 | DSA-1344-1 | ||
| iceweasel | source | lenny | 2.0.0.6-0etch1+lenny1 | DTSA-53-1 | ||
| iceweasel | source | (unstable) | 2.0.0.6-1 | |||
| xulrunner | source | etch | 1.8.0.13~pre070720-0etch3 | DSA-1345-1 | ||
| xulrunner | source | lenny | 1.8.0.13~pre070720-0etch3+lenny1 | DTSA-51-1 | ||
| xulrunner | source | (unstable) | 1.8.1.9-1 |