Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:2022
HistoryJul 20, 2007 - 12:00 a.m.

Firefox URLBar空字节处理远程代码执行漏洞

2007-07-2000:00:00
Root
www.seebug.org
20

EPSS

0.045

Percentile

92.6%

JSON

BUGTRAQ ID: 24447
CVE(CAN) ID: CVE-2007-3285

Mozilla Firefox是一款流行的开源WEB浏览器。

Firefox在处理文件URL串时存在输入验证漏洞,攻击者可能利用此漏洞通过诱使用户输入恶意URL到地址栏在用户系统上执行恶意代码。

如果文件名URL包含有空字节(%00)的话,Firefox可能将其解释成为不同的文件类型,这就可能导致一些不安全的操作,如运行程序。攻击者只有本地访问Firefox并在地址栏中输入恶意file:///或resource:///请求后才可以利用这个漏洞,无法通过诱骗用户访问网页或链接来利用。

Mozilla Firefox < 2.0.0.5
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/2.0.0.5” target=“_blank”>ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/2.0.0.5</a>


                                                file:///C:/Program%20Files/Mozilla%20Firefox/firefox.exe%00.html
file:///C:/Program%20Files/Mozilla%20Firefox/firefox.exe%00.html
file:///C:/Program%20Files/Mozilla%20Firefox/firefox.exe%00.js
file:///C:/Program%20Files/Mozilla%2

Related

ubuntucve 1
packetstorm 1
prion 1
securityvulns 2
cvelist 1
nvd 1
mozilla 1
cve 1
ubuntu 1
nessus 10
openvas 9
debian 1
suse 2
ubuntucve
ubuntucve
CVE-2007-3285
2007-06-20 00:00:00
packetstorm
packetstorm
Mozilla Firefox 10.0 Local Null Byte Bypass File Check Execution
2012-02-08 00:00:00
prion
prion
Type confusion
2007-06-20 19:30:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2007-22
2007-07-19 00:00:00
Mozilla Firefox, Thunderbird, Seamonkey multiple securityvulnerabilities
2007-07-19 00:00:00
cvelist
cvelist
CVE-2007-3285
2007-06-20 19:00:00
nvd
nvd
CVE-2007-3285
2007-06-20 19:30:00
mozilla
mozilla
File type confusion due to %00 in name — Mozilla
2007-07-17 00:00:00
cve
cve
CVE-2007-3285
2007-06-20 19:30:00
ubuntu
ubuntu
Firefox vulnerabilities
2007-07-20 00:00:00
nessus
nessus
Ubuntu 6.06 LTS / 6.10 / 7.04 : firefox vulnerabilities (USN-490-1)
2007-11-10 00:00:00
Firefox < 2.0.0.5 Multiple Vulnerabilities
2007-07-19 00:00:00
Debian DSA-1337-1 : xulrunner - several vulnerabilities
2007-07-27 00:00:00
openvas
openvas
Debian Security Advisory DSA 1337-1 (xulrunner)
2008-01-17 00:00:00
Ubuntu: Security Advisory (USN-490-1)
2009-03-23 00:00:00
Ubuntu Update for firefox vulnerabilities USN-490-1
2009-03-23 00:00:00
debian
debian
[SECURITY] [DSA 1337-1] New xulrunner packages fix several vulnerabilities
2007-07-22 19:19:22
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,Seamonkey
2007-08-02 16:31:06
Firefox update to 31.1esr (important)
2014-09-09 18:04:16

EPSS

0.045

Percentile

92.6%

JSON
Related for SSV:2022
ubuntucve1packetstorm1prion1securityvulns2cvelist1nvd1mozilla1cve1ubuntu1nessus10openvas9debian1suse2