CVE-2007-0008

Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.
References
Link Resource
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html Patch Vendor Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482 Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=364319 Vendor Advisory
https://issues.rpath.com/browse/RPL-1081
https://issues.rpath.com/browse/RPL-1103
http://fedoranews.org/cms/node/2709
http://fedoranews.org/cms/node/2711
http://fedoranews.org/cms/node/2713
http://fedoranews.org/cms/node/2728
http://security.gentoo.org/glsa/glsa-200703-18.xml
http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:052
http://www.redhat.com/support/errata/RHSA-2007-0079.html
http://rhn.redhat.com/errata/RHSA-2007-0077.html
http://www.redhat.com/support/errata/RHSA-2007-0078.html
http://www.redhat.com/support/errata/RHSA-2007-0097.html
http://www.redhat.com/support/errata/RHSA-2007-0108.html
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
http://www.ubuntu.com/usn/usn-428-1
http://www.ubuntu.com/usn/usn-431-1
http://www.kb.cert.org/vuls/id/377812 US Government Resource
http://www.securityfocus.com/bid/22694
http://www.osvdb.org/32105
http://www.securitytracker.com/id?1017696
http://secunia.com/advisories/24238 Vendor Advisory
http://secunia.com/advisories/24252 Vendor Advisory
http://secunia.com/advisories/24253 Vendor Advisory
http://secunia.com/advisories/24277 Vendor Advisory
http://secunia.com/advisories/24287 Vendor Advisory
http://secunia.com/advisories/24290 Vendor Advisory
http://secunia.com/advisories/24205 Vendor Advisory
http://secunia.com/advisories/24328 Vendor Advisory
http://secunia.com/advisories/24333 Vendor Advisory
http://secunia.com/advisories/24343 Vendor Advisory
http://secunia.com/advisories/24320 Vendor Advisory
http://secunia.com/advisories/24293 Vendor Advisory
http://secunia.com/advisories/24395 Vendor Advisory
http://secunia.com/advisories/24384 Vendor Advisory
http://secunia.com/advisories/24389 Vendor Advisory
http://secunia.com/advisories/24410 Vendor Advisory
http://secunia.com/advisories/24522 Vendor Advisory
http://secunia.com/advisories/24562 Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1
http://secunia.com/advisories/24703 Vendor Advisory
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
http://secunia.com/advisories/24650 Vendor Advisory
http://www.debian.org/security/2007/dsa-1336
http://fedoranews.org/cms/node/2747
http://fedoranews.org/cms/node/2749
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
http://secunia.com/advisories/25597
http://secunia.com/advisories/24406
http://secunia.com/advisories/24455
http://secunia.com/advisories/24456
http://secunia.com/advisories/24457
http://secunia.com/advisories/24342
http://secunia.com/advisories/25588
http://www.vupen.com/english/advisories/2007/2141
http://www.vupen.com/english/advisories/2007/0718
http://www.vupen.com/english/advisories/2007/0719
http://www.vupen.com/english/advisories/2007/1165
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://www.securityfocus.com/bid/64758
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/32666
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10502
http://www.securityfocus.com/archive/1/461809/100/0/threaded
http://www.securityfocus.com/archive/1/461336/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*

Information

Published : 2007-02-26 08:28

Updated : 2018-10-16 04:29


NVD link : CVE-2007-0008

Mitre link : CVE-2007-0008

Products Affected
No products.
CWE