Launchpad.net

CVE 2007-3285

Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would.

Related bugs and status

CVE-2007-3285 (Candidate) is related to these bugs:

Bug #126727: [Firefox] security update release 2.0.0.5 available from upstream

Summary				In	Importance	Status
	126727	[Firefox] security update release 2.0.0.5 available from upstream		firefox (Ubuntu)	Undecided	Fix Released

Bug #469752: firefox,3.5/3.6 startup-notification bug

		In	Importance	Status
469752	firefox,3.5/3.6 startup-notification bug	firefox-3.5 (Ubuntu)	Medium	Invalid
469752	firefox,3.5/3.6 startup-notification bug	Mozilla Firefox	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox-3.5 (Suse)	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox (Ubuntu)	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox (Ubuntu Lucid)	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox-3.5 (Ubuntu Lucid)	Medium	Invalid

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.0x000000.co...
BID: 24447
MISC: https://bugzilla.mozil...
CONFIRM: http://www.mozilla.org...
CONFIRM: ftp://ftp.slackware.co...
UBUNTU: USN-490-1
SECTRACK: 1018413
SECUNIA: 26149
SECUNIA: 26072
CONFIRM: http://support.novell....
SECUNIA: 26216
SECUNIA: 26204
SUSE: SUSE-SA:2007:049
SECUNIA: 26271
SECUNIA: 26258
MANDRIVA: MDKSA-2007:152
HP: HPSBUX02153
HP: SSRT061181
SUNALERT: 103177
SECUNIA: 28135
SUNALERT: 201516
OSVDB: 38032
VUPEN: ADV-2007-4256