Unrated severityNVD Advisory· Published Sep 12, 2007· Updated Jun 16, 2026
CVE-2007-4841
CVE-2007-4841
Description
Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=2.0.0.8
- (no CPE)range: <2.0.0.8
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*range: <=1.1.5
- (no CPE)range: <1.1.5
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*range: <=2.0.0.8
- (no CPE)range: <2.0.0.8
- Range: 7
Patches
Vulnerability mechanics
References
17- secunia.com/advisories/27311nvdVendor Advisory
- secunia.com/advisories/27315nvdVendor Advisory
- secunia.com/advisories/27360nvdVendor Advisory
- secunia.com/advisories/27414nvdVendor Advisory
- secunia.com/advisories/27744nvdVendor Advisory
- secunia.com/advisories/28363nvdVendor Advisory
- secunia.com/advisories/28398nvdVendor Advisory
- www.vupen.com/english/advisories/2007/3544nvdVendor Advisory
- www.vupen.com/english/advisories/2008/0082nvdVendor Advisory
- www.vupen.com/english/advisories/2008/0083nvdVendor Advisory
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
- slackware.com/security/viewer.phpnvd
- www.mandriva.com/en/security/advisoriesnvd
- www.mozilla.org/security/announce/2007/mfsa2007-36.htmlnvd
- www.securityfocus.com/bid/25543nvd
- xs-sniper.com/blog/2007/09/01/firefox-file-handling-woes/nvd
News mentions
0No linked articles in our index yet.