CVE-2007-4841

Name: CVE-2007-4841
Creator: NVD / NIST
Published: 2007-09-12T20:17:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.65%

Last modified Jun 16, 2026

CVE-2007-4841 is a vulnerability of currently unknown severity. Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.. EPSS estimates a 2.65% chance of exploitation in the next 30 days.

Description

Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.

Metrics

EPSS Probability

2.65%

83.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Mozilla	Firefox	<= 2.0.0.8
Mozilla	Seamonkey	<= 1.1.5
Mozilla	Thunderbird	<= 2.0.0.8

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
http://secunia.com/advisories/27311Vendor Advisory
http://secunia.com/advisories/27315Vendor Advisory
http://secunia.com/advisories/27360Vendor Advisory
http://secunia.com/advisories/27414Vendor Advisory
http://secunia.com/advisories/27744Vendor Advisory
http://secunia.com/advisories/28363Vendor Advisory
http://secunia.com/advisories/28398Vendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.471007
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
http://www.mozilla.org/security/announce/2007/mfsa2007-36.html
http://www.securityfocus.com/bid/25543
http://www.vupen.com/english/advisories/2007/3544Vendor Advisory
http://www.vupen.com/english/advisories/2008/0082Vendor Advisory
http://www.vupen.com/english/advisories/2008/0083Vendor Advisory
http://xs-sniper.com/blog/2007/09/01/firefox-file-handling-woes/
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
http://secunia.com/advisories/27311Vendor Advisory
http://secunia.com/advisories/27315Vendor Advisory
http://secunia.com/advisories/27360Vendor Advisory
http://secunia.com/advisories/27414Vendor Advisory
http://secunia.com/advisories/27744Vendor Advisory
http://secunia.com/advisories/28363Vendor Advisory
http://secunia.com/advisories/28398Vendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.471007
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
http://www.mozilla.org/security/announce/2007/mfsa2007-36.html
http://www.securityfocus.com/bid/25543
http://www.vupen.com/english/advisories/2007/3544Vendor Advisory
http://www.vupen.com/english/advisories/2008/0082Vendor Advisory
http://www.vupen.com/english/advisories/2008/0083Vendor Advisory
http://xs-sniper.com/blog/2007/09/01/firefox-file-handling-woes/

Timeline

Published: Sep 12, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2007-4841?

How severe is CVE-2007-4841?

Severity scoring for CVE-2007-4841 is pending analysis. The EPSS model estimates a 2.65% probability of exploitation in the next 30 days.

How do I fix CVE-2007-4841?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-4841?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST