Launchpad CVE tracker

CVE 2007-4841

Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.

Related bugs and status

CVE-2007-4841 (Candidate) is related to these bugs:

Bug #148942: thunderbird 2.0 not compiled with UNIX (movemail) acccount option.

Summary				In	Importance	Status
	148942	thunderbird 2.0 not compiled with UNIX (movemail) acccount option.		thunderbird (Ubuntu)	Undecided	Fix Released

Bug #150791: firefox package on packages site carries warning about development version

Summary				In	Importance	Status
	150791	firefox package on packages site carries warning about development version		firefox (Ubuntu)	Undecided	Fix Released

Bug #154393: [Firefox] security update release 2.0.0.8 available from upstream

		In	Importance	Status
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu)	High	Fix Released
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu Dapper)	High	Fix Released
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu Edgy)	High	Fix Released
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu Feisty)	High	Fix Released
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu Hardy)	High	Fix Released
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu Gutsy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-4841

References