Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mozillaMozilla FoundationMFSA2007-28
HistorySep 18, 2007 - 12:00 a.m.

Code execution via QuickTime Media-link files — Mozilla

2007-09-1800:00:00
Mozilla Foundation
www.mozilla.org
11

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.02 Low

EPSS

Percentile

88.8%

JSON

On his blog Petko D. Petkov reported that QuickTime Media-Link files contain a qtnext attribute that could be used on Windows systems to launch the default browser with arbitrary command-line options. When the default browser is Firefox 2.0.0.6 or earlier use of the -chrome option allowed a remote attacker to run script commands with the full privileges of the user. This could be used to install malware, steal local data, or otherwise corrupt the victim’s computer.

Affected configurations

Vulners
Node
mozillafirefoxRange<2.0.0.7
CPENameOperatorVersion
firefoxlt2.0.0.7

Related

nessus 8
freebsd 1
openvas 5
cve 3
cvelist 3
nvd 3
checkpoint_advisories 1
redhatcve 1
prion 2
ubuntucve 1
suse 1
nessus
nessus
Firefox < 2.0.0.7 Apple QuickTime Plug-In .qtl File qtnext Field Cross-context Scripting
2007-09-20 00:00:00
FreeBSD : mozilla -- code execution via Quicktime media-link files (3ce8c7e2-66cf-11dc-b25f-02e0185f8d72)
2007-09-24 00:00:00
QuickTime < 7.1.5 Multiple Vulnerabilities (Windows)
2007-03-06 00:00:00
freebsd
freebsd
mozilla -- code execution via Quicktime media-link files
2007-09-18 00:00:00
openvas
openvas
FreeBSD Ports: firefox
2008-09-04 00:00:00
FreeBSD Ports: firefox
2008-09-04 00:00:00
SLES9: Security update for Mozilla
2009-10-10 00:00:00
cve
cve
CVE-2006-4965
2006-09-25 00:07:00
CVE-2007-5045
2007-09-24 00:17:00
CVE-2007-4673
2007-10-04 23:17:00
cvelist
cvelist
CVE-2006-4965
2006-09-25 00:00:00
CVE-2007-5045
2007-09-24 00:00:00
CVE-2007-4673
2007-10-04 23:00:00
nvd
nvd
CVE-2006-4965
2006-09-25 00:07:00
CVE-2007-5045
2007-09-24 00:17:00
CVE-2007-4673
2007-10-04 23:17:00
checkpoint_advisories
checkpoint_advisories
Apple QuickTime Plug-In Security Bypass (CVE-2006-4965; CVE-2007-4673)
2009-10-15 00:00:00
redhatcve
redhatcve
CVE-2007-5045
2015-10-30 10:09:30
prion
prion
Design/Logic Flaw
2007-10-04 23:17:00
Design/Logic Flaw
2007-09-24 00:17:00
ubuntucve
ubuntucve
CVE-2007-5045
2007-09-24 00:00:00
suse
suse
remote code execution in MozillaFirefox,mozilla,seamonkey
2007-10-25 18:13:14

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.02 Low

EPSS

Percentile

88.8%

JSON
Related for MFSA2007-28
nessus8freebsd1openvas5cve3cvelist3nvd3checkpoint_advisories1redhatcve1prion2ubuntucve1suse1