CVE-2007-2867

Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues.
References
Link Resource
http://www.mozilla.org/security/announce/2007/mfsa2007-12.html Patch
https://issues.rpath.com/browse/RPL-1424
http://www.debian.org/security/2007/dsa-1300
http://www.debian.org/security/2007/dsa-1306
http://www.debian.org/security/2007/dsa-1308
http://www.debian.org/security/2007/dsa-1305
http://fedoranews.org/cms/node/2747
http://fedoranews.org/cms/node/2749
http://security.gentoo.org/glsa/glsa-200706-06.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:119
http://www.mandriva.com/security/advisories?name=MDKSA-2007:120
http://www.mandriva.com/security/advisories?name=MDKSA-2007:131
http://www.mandriva.com/security/advisories?name=MDKSA-2007:126
http://www.redhat.com/support/errata/RHSA-2007-0400.html
http://www.redhat.com/support/errata/RHSA-2007-0401.html
http://www.redhat.com/support/errata/RHSA-2007-0402.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103136-1
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
http://www.ubuntu.com/usn/usn-468-1
http://www.ubuntu.com/usn/usn-469-1
http://www.us-cert.gov/cas/techalerts/TA07-151A.html US Government Resource
http://www.kb.cert.org/vuls/id/751636 US Government Resource
http://www.securityfocus.com/bid/24242
http://www.securitytracker.com/id?1018151
http://www.securitytracker.com/id?1018153
http://secunia.com/advisories/25476
http://secunia.com/advisories/25533
http://secunia.com/advisories/25496
http://secunia.com/advisories/25559
http://secunia.com/advisories/25635
http://secunia.com/advisories/25644
http://secunia.com/advisories/25647
http://secunia.com/advisories/25685
http://secunia.com/advisories/24406
http://secunia.com/advisories/24456
http://secunia.com/advisories/25534
http://secunia.com/advisories/25664
http://secunia.com/advisories/25469
http://secunia.com/advisories/25488
http://secunia.com/advisories/25489
http://secunia.com/advisories/25490
http://secunia.com/advisories/25491
http://secunia.com/advisories/25492
http://secunia.com/advisories/25750
http://secunia.com/advisories/25858
http://secunia.com/advisories/27423
http://secunia.com/advisories/28363
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201532-1
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
http://www.vupen.com/english/advisories/2007/3664
http://www.vupen.com/english/advisories/2008/0082
http://www.vupen.com/english/advisories/2007/1994
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://osvdb.org/35134
https://exchange.xforce.ibmcloud.com/vulnerabilities/34604
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10066
http://www.securityfocus.com/archive/1/471842/100/0/threaded
http://www.securityfocus.com/archive/1/470172/100/200/threaded
Configurations

Configuration 1

cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*

Information

Published : 2007-06-01 12:30

Updated : 2018-10-16 04:45


NVD link : CVE-2007-2867

Mitre link : CVE-2007-2867

Products Affected
No products.
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer