Unrated severityNVD Advisory· Published Sep 12, 2007· Updated Apr 23, 2026

CVE-2007-4841

Description

Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.

Affected products

Mozilla Corporation/Firefox
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Range: <=2.0.0.8
Mozilla Corporation/Seamonkey
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Range: <=1.1.5
Mozilla Corporation/Thunderbird
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Range: <=2.0.0.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/27311nvdVendor Advisory
secunia.com/advisories/27315nvdVendor Advisory
secunia.com/advisories/27360nvdVendor Advisory
secunia.com/advisories/27414nvdVendor Advisory
secunia.com/advisories/27744nvdVendor Advisory
secunia.com/advisories/28363nvdVendor Advisory
secunia.com/advisories/28398nvdVendor Advisory
www.vupen.com/english/advisories/2007/3544nvdVendor Advisory
www.vupen.com/english/advisories/2008/0082nvdVendor Advisory
www.vupen.com/english/advisories/2008/0083nvdVendor Advisory
h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
slackware.com/security/viewer.phpnvd
www.mandriva.com/en/security/advisoriesnvd
www.mozilla.org/security/announce/2007/mfsa2007-36.htmlnvd
www.securityfocus.com/bid/25543nvd
xs-sniper.com/blog/2007/09/01/firefox-file-handling-woes/nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000