CVE-2007-3670 (GCVE-0-2007-3670)

Vulnerability from cvelistv5 – Published: 2007-07-10 19:00 – Updated: 2024-08-07 14:28
Summary
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.vupen.com/english/advisories/2007/2473 (vdb-entry, x_refsource_VUPEN)
http://www.ubuntu.com/usn/usn-503-1 (vendor-advisory, x_refsource_UBUNTU)
http://www.securitytracker.com/id?1018360 (vdb-entry, x_refsource_SECTRACK)
http://www.securitytracker.com/id?1018351 (vdb-entry, x_refsource_SECTRACK)
http://h20000.www2.hp.com/bizsupport/TechSupport/… (vendor-advisory, x_refsource_HP)
http://blog.mozilla.com/security/2007/07/10/secur… (x_refsource_MISC)
http://h20000.www2.hp.com/bizsupport/TechSupport/… (vendor-advisory, x_refsource_HP)
http://www.mandriva.com/security/advisories?name=… (vendor-advisory, x_refsource_MANDRIVA)
http://secunia.com/advisories/25984 (third-party-advisory, x_refsource_SECUNIA)
https://exchange.xforce.ibmcloud.com/vulnerabilit… (vdb-entry, x_refsource_XF)
http://www.us-cert.gov/cas/techalerts/TA07-199A.html (third-party-advisory, x_refsource_CERT)
http://secunia.com/advisories/28179 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/24837 (vdb-entry, x_refsource_BID)
http://msinfluentials.com/blogs/jesper/archive/20… (x_refsource_MISC)
http://secunia.com/advisories/26216 (third-party-advisory, x_refsource_SECUNIA)
http://h20000.www2.hp.com/bizsupport/TechSupport/… (vendor-advisory, x_refsource_HP)
http://www.virusbtn.com/news/virus_news/2007/07_11.xml (x_refsource_MISC)
http://www.theregister.co.uk/2007/07/11/ie_firefo… (x_refsource_MISC)
http://labs.idefense.com/intelligence/vulnerabili… (third-party-advisory, x_refsource_IDEFENSE)
http://www.vupen.com/english/advisories/2007/2565 (vdb-entry, x_refsource_VUPEN)
http://www.mozilla.org/security/announce/2007/mfs… (x_refsource_CONFIRM)
http://secunia.com/advisories/26149 (third-party-advisory, x_refsource_SECUNIA)
http://www.vupen.com/english/advisories/2008/0082 (vdb-entry, x_refsource_VUPEN)
http://osvdb.org/38017 (vdb-entry, x_refsource_OSVDB)
http://www.mozilla.org/security/announce/2007/mfs… (x_refsource_CONFIRM)
http://www.kb.cert.org/vuls/id/358017 (third-party-advisory, x_refsource_CERT-VN)
http://www.xs-sniper.com/sniperscope/IE-Pwns-Fire… (x_refsource_MISC)
http://www.vupen.com/english/advisories/2007/4272 (vdb-entry, x_refsource_VUPEN)
http://larholm.com/2007/07/10/internet-explorer-0… (x_refsource_MISC)
http://www.novell.com/linux/security/advisories/2… (vendor-advisory, x_refsource_SUSE)
http://h20000.www2.hp.com/bizsupport/TechSupport/… (vendor-advisory, x_refsource_HP)
ftp://ftp.slackware.com/pub/slackware/slackware-1… (x_refsource_CONFIRM)
http://archives.neohapsis.com/archives/fulldisclo… (mailing-list, x_refsource_FULLDISC)
http://support.novell.com/techcenter/psdb/07d098f… (x_refsource_CONFIRM)
http://secunia.com/advisories/26258 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/28363 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/archive/1/473276/100… (mailing-list, x_refsource_BUGTRAQ)
http://secunia.com/advisories/26271 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/26204 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/26572 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/26096 (third-party-advisory, x_refsource_SECUNIA)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:28:51.407Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-2473",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2473"
          },
          {
            "name": "USN-503-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-503-1"
          },
          {
            "name": "1018360",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018360"
          },
          {
            "name": "1018351",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018351"
          },
          {
            "name": "HPSBUX02156",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/"
          },
          {
            "name": "HPSBUX02153",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "name": "MDKSA-2007:152",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
          },
          {
            "name": "25984",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25984"
          },
          {
            "name": "ie-firefoxurl-command-execution(35346)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35346"
          },
          {
            "name": "TA07-199A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-199A.html"
          },
          {
            "name": "28179",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28179"
          },
          {
            "name": "24837",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24837"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx"
          },
          {
            "name": "26216",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26216"
          },
          {
            "name": "SSRT061236",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.virusbtn.com/news/virus_news/2007/07_11.xml"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/"
          },
          {
            "name": "20070719 Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565"
          },
          {
            "name": "ADV-2007-2565",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2565"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html"
          },
          {
            "name": "26149",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26149"
          },
          {
            "name": "ADV-2008-0082",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0082"
          },
          {
            "name": "38017",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38017"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html"
          },
          {
            "name": "VU#358017",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/358017"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html"
          },
          {
            "name": "ADV-2007-4272",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4272"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/"
          },
          {
            "name": "SUSE-SA:2007:049",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
          },
          {
            "name": "SSRT061181",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt"
          },
          {
            "name": "20070710 Internet Explorer 0day exploit",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
          },
          {
            "name": "26258",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26258"
          },
          {
            "name": "28363",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28363"
          },
          {
            "name": "20070710 Internet Explorer 0day exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/473276/100/0/threaded"
          },
          {
            "name": "26271",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26271"
          },
          {
            "name": "26204",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26204"
          },
          {
            "name": "26572",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26572"
          },
          {
            "name": "26096",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26096"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe.  NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE\u0027s opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a \"defense in depth\" fix that will \"prevent IE from sending Firefox malicious data.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-2473",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2473"
        },
        {
          "name": "USN-503-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-503-1"
        },
        {
          "name": "1018360",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018360"
        },
        {
          "name": "1018351",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018351"
        },
        {
          "name": "HPSBUX02156",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/"
        },
        {
          "name": "HPSBUX02153",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
        },
        {
          "name": "MDKSA-2007:152",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
        },
        {
          "name": "25984",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25984"
        },
        {
          "name": "ie-firefoxurl-command-execution(35346)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35346"
        },
        {
          "name": "TA07-199A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-199A.html"
        },
        {
          "name": "28179",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28179"
        },
        {
          "name": "24837",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24837"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx"
        },
        {
          "name": "26216",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26216"
        },
        {
          "name": "SSRT061236",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.virusbtn.com/news/virus_news/2007/07_11.xml"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/"
        },
        {
          "name": "20070719 Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565"
        },
        {
          "name": "ADV-2007-2565",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2565"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html"
        },
        {
          "name": "26149",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26149"
        },
        {
          "name": "ADV-2008-0082",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0082"
        },
        {
          "name": "38017",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38017"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html"
        },
        {
          "name": "VU#358017",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/358017"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html"
        },
        {
          "name": "ADV-2007-4272",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4272"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/"
        },
        {
          "name": "SUSE-SA:2007:049",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
        },
        {
          "name": "SSRT061181",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt"
        },
        {
          "name": "20070710 Internet Explorer 0day exploit",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
        },
        {
          "name": "26258",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26258"
        },
        {
          "name": "28363",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28363"
        },
        {
          "name": "20070710 Internet Explorer 0day exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/473276/100/0/threaded"
        },
        {
          "name": "26271",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26271"
        },
        {
          "name": "26204",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26204"
        },
        {
          "name": "26572",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26572"
        },
        {
          "name": "26096",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26096"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3670",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe.  NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE\u0027s opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a \"defense in depth\" fix that will \"prevent IE from sending Firefox malicious data.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-2473",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2473"
            },
            {
              "name": "USN-503-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-503-1"
            },
            {
              "name": "1018360",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018360"
            },
            {
              "name": "1018351",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018351"
            },
            {
              "name": "HPSBUX02156",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
            },
            {
              "name": "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/",
              "refsource": "MISC",
              "url": "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/"
            },
            {
              "name": "HPSBUX02153",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
            },
            {
              "name": "MDKSA-2007:152",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
            },
            {
              "name": "25984",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25984"
            },
            {
              "name": "ie-firefoxurl-command-execution(35346)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35346"
            },
            {
              "name": "TA07-199A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-199A.html"
            },
            {
              "name": "28179",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28179"
            },
            {
              "name": "24837",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24837"
            },
            {
              "name": "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx",
              "refsource": "MISC",
              "url": "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx"
            },
            {
              "name": "26216",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26216"
            },
            {
              "name": "SSRT061236",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
            },
            {
              "name": "http://www.virusbtn.com/news/virus_news/2007/07_11.xml",
              "refsource": "MISC",
              "url": "http://www.virusbtn.com/news/virus_news/2007/07_11.xml"
            },
            {
              "name": "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/",
              "refsource": "MISC",
              "url": "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/"
            },
            {
              "name": "20070719 Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565"
            },
            {
              "name": "ADV-2007-2565",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2565"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html"
            },
            {
              "name": "26149",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26149"
            },
            {
              "name": "ADV-2008-0082",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0082"
            },
            {
              "name": "38017",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38017"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html"
            },
            {
              "name": "VU#358017",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/358017"
            },
            {
              "name": "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html",
              "refsource": "MISC",
              "url": "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html"
            },
            {
              "name": "ADV-2007-4272",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4272"
            },
            {
              "name": "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/",
              "refsource": "MISC",
              "url": "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/"
            },
            {
              "name": "SUSE-SA:2007:049",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
            },
            {
              "name": "SSRT061181",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
            },
            {
              "name": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt",
              "refsource": "CONFIRM",
              "url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt"
            },
            {
              "name": "20070710 Internet Explorer 0day exploit",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html"
            },
            {
              "name": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html",
              "refsource": "CONFIRM",
              "url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
            },
            {
              "name": "26258",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26258"
            },
            {
              "name": "28363",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28363"
            },
            {
              "name": "20070710 Internet Explorer 0day exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/473276/100/0/threaded"
            },
            {
              "name": "26271",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26271"
            },
            {
              "name": "26204",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26204"
            },
            {
              "name": "26572",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26572"
            },
            {
              "name": "26096",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26096"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3670",
    "datePublished": "2007-07-10T19:00:00",
    "dateReserved": "2007-07-10T00:00:00",
    "dateUpdated": "2024-08-07T14:28:51.407Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"693D3C1C-E3E4-49DB-9A13-44ADDFF82507\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D47247A3-7CD7-4D67-9D9B-A94A504DA1BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BC71FD8-D385-4507-BD14-B75FDD4C79E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED471260-0272-431F-A91E-AC2883D92497\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"63D18070-EC48-4904-9AE0-558F7F3B869D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*\", \"matchCriteriaId\": \"86584E3F-3B0D-4018-A186-E59F3B01CA5C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"14E6A30E-7577-4569-9309-53A0AF7FE3AC\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe.  NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE\u0027s opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a \\\"defense in depth\\\" fix that will \\\"prevent IE from sending Firefox malicious data.\\\"\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de inyecci\\u00f3n de argumentos en Microsoft Internet Explorer, cuando es ejecutado en sistemas con Firefox instalado y ciertos URIs registrados, permiten a atacantes remotos conducir ataques de tipo cross-browser scripting y ejecutar comandos arbitrarios por medio de metacaracteres de shell en un URI (1) FirefoxURL o (2) FirefoxHTML, que son insertadas en la l\\u00ednea de comandos que son creadas cuando se invoca el archivo firefox.exe. NOTA: se ha debatido si el problema est\\u00e1 en Internet Explorer o Firefox. A partir de 20070711, la opini\\u00f3n de este CVE es que IE parece estar fallando en la delimitaci\\u00f3n apropiada del argumento de la URL al invocar a Firefox, y este problema podr\\u00eda surgir tambi\\u00e9n con otros manejadores de protocolos en IE. Sin embargo, Mozilla ha declarado que abordar\\u00e1 el problema con una \\\"defense in depth\\\" que \\\"prevent IE from sending Firefox malicious data.\\\"\"}]",
      "evaluatorImpact": "Successful exploit requires that Mozilla Firefox is installed.",
      "id": "CVE-2007-3670",
      "lastModified": "2024-11-21T00:33:47.467",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-07-10T19:30:00.000",
      "references": "[{\"url\": \"ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://larholm.com/2007/07/10/internet-explorer-0day-exploit/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/38017\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/25984\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26096\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26149\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26204\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26216\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26258\", \"source\": 
\"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26271\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26572\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/28179\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/28363\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/358017\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2007:152\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mozilla.org/security/announce/2007/mfsa2007-23.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mozilla.org/security/announce/2007/mfsa2007-40.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2007_49_mozilla.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/473276/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/24837\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1018351\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1018360\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-503-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-199A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.virusbtn.com/news/virus_news/2007/07_11.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": 
\"http://www.vupen.com/english/advisories/2007/2473\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2565\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/4272\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0082\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/35346\", \"source\": \"cve@mitre.org\"}, {\"url\": \"ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://larholm.com/2007/07/10/internet-explorer-0day-exploit/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": 
\"http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/38017\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/25984\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26096\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26149\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26204\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26216\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26258\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26271\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/26572\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/28179\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28363\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/358017\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2007:152\", \"source\": 
\"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mozilla.org/security/announce/2007/mfsa2007-23.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mozilla.org/security/announce/2007/mfsa2007-40.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2007_49_mozilla.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/473276/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/24837\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1018351\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1018360\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-503-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-199A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.virusbtn.com/news/virus_news/2007/07_11.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2473\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2565\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/4272\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0082\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html\", \"source\": 
\"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/35346\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-3670\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-07-10T19:30:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe.  NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE\u0027s opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a \\\"defense in depth\\\" fix that will \\\"prevent IE from sending Firefox malicious data.\\\"\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de inyecci\u00f3n de argumentos en Microsoft Internet Explorer, cuando es ejecutado en sistemas con Firefox instalado y ciertos URIs registrados, permiten a atacantes remotos conducir ataques de tipo cross-browser scripting y ejecutar comandos arbitrarios por medio de metacaracteres de shell en un URI (1) FirefoxURL o (2) FirefoxHTML, que son insertadas en la l\u00ednea de comandos que son creadas cuando se invoca el archivo firefox.exe. NOTA: se ha debatido si el problema est\u00e1 en Internet Explorer o Firefox. A partir de 20070711, la opini\u00f3n de este CVE es que IE parece estar fallando en la delimitaci\u00f3n apropiada del argumento de la URL al invocar a Firefox, y este problema podr\u00eda surgir tambi\u00e9n con otros manejadores de protocolos en IE. 
Sin embargo, Mozilla ha declarado que abordar\u00e1 el problema con una \\\"defense in depth\\\" que \\\"prevent IE from sending Firefox malicious data.\\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"693D3C1C-E3E4-49DB-9A13-44ADDFF82507\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D47247A3-7CD7-4D67-9D9B-A94A504DA1BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BC71FD8-D385-4507-BD14-B75FDD4C79E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED471260-0272-431F-A91E-AC2883D92497\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"63D18070-EC48-4904-9AE0-558F7F3B869D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"86584E3F-3B0D-4018-A186-E59F3B01CA5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"matchCr
iteriaId\":\"14E6A30E-7577-4569-9309-53A0AF7FE3AC\"}]}]}],\"references\":[{\"url\":\"ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://larholm.com/2007/07/10/internet-explorer-0day-exploit/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/38017\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25984\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26096\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26149\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26204\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26216\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor 
Advisory\"]},{\"url\":\"http://secunia.com/advisories/26258\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26271\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26572\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/28179\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/28363\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/358017\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:152\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mozilla.org/security/announce/2007/mfsa2007-23.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mozilla.org/security/announce/2007/mfsa2007-40.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_49_mozilla.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/473276/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/24837\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1018351\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1018360\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/usn-503-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-199A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government 
Resource\"]},{\"url\":\"http://www.virusbtn.com/news/virus_news/2007/07_11.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2473\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2565\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/4272\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0082\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35346\",\"source\":\"cve@mitre.org\"},{\"url\":\"ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://larholm.com/2007/07/10/internet-explorer-0day-exploit/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://msinflue
ntials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/38017\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25984\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26096\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26149\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26204\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26258\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26271\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26572\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/28179\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28363\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/358017\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government 
Resource\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:152\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mozilla.org/security/announce/2007/mfsa2007-23.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mozilla.org/security/announce/2007/mfsa2007-40.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_49_mozilla.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/473276/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/24837\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018351\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018360\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-503-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-199A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government 
Resource\"]},{\"url\":\"http://www.virusbtn.com/news/virus_news/2007/07_11.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2473\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2565\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/4272\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0082\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35346\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorImpact\":\"Successful exploit requires that Mozilla Firefox is installed.\"}}"
  }
}







Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

