CVE-2007-0009

Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.

CVSS v2.0 6.8

6.8^/10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References

Link	Resource
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html	Vendor Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483	Broken Link
https://bugzilla.mozilla.org/show_bug.cgi?id=364323	Issue Tracking Vendor Advisory
https://issues.rpath.com/browse/RPL-1081	Broken Link
https://issues.rpath.com/browse/RPL-1103	Broken Link
http://fedoranews.org/cms/node/2709	Broken Link
http://fedoranews.org/cms/node/2711	Broken Link
http://security.gentoo.org/glsa/glsa-200703-18.xml	Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:052	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0079.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2007-0077.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0078.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0097.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0108.html	Third Party Advisory
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html	Broken Link
http://www.ubuntu.com/usn/usn-428-1	Third Party Advisory
http://www.ubuntu.com/usn/usn-431-1	Third Party Advisory
http://www.kb.cert.org/vuls/id/592796	Third Party Advisory US Government Resource
http://www.osvdb.org/32106	Broken Link
http://www.securitytracker.com/id?1017696	Third Party Advisory VDB Entry
http://secunia.com/advisories/24253	Third Party Advisory
http://secunia.com/advisories/24277	Third Party Advisory
http://secunia.com/advisories/24287	Third Party Advisory
http://secunia.com/advisories/24290	Third Party Advisory
http://secunia.com/advisories/24333	Third Party Advisory
http://secunia.com/advisories/24343	Third Party Advisory
http://secunia.com/advisories/24293	Third Party Advisory
http://secunia.com/advisories/24395	Third Party Advisory
http://secunia.com/advisories/24384	Third Party Advisory
http://secunia.com/advisories/24389	Third Party Advisory
http://secunia.com/advisories/24410	Third Party Advisory
http://secunia.com/advisories/24522	Third Party Advisory
http://secunia.com/advisories/24562	Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1	Broken Link
http://secunia.com/advisories/24703	Third Party Advisory
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc	Broken Link
http://secunia.com/advisories/24650	Third Party Advisory
http://www.debian.org/security/2007/dsa-1336	Third Party Advisory
http://fedoranews.org/cms/node/2747	Broken Link
http://fedoranews.org/cms/node/2749	Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050	Third Party Advisory
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc	Broken Link
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851	Mailing List Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947	Mailing List Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131	Mailing List Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1	Broken Link
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html	Broken Link
http://secunia.com/advisories/25597	Third Party Advisory
http://secunia.com/advisories/24406	Third Party Advisory
http://secunia.com/advisories/24455	Third Party Advisory
http://secunia.com/advisories/24456	Third Party Advisory
http://secunia.com/advisories/24457	Third Party Advisory
http://secunia.com/advisories/24342	Third Party Advisory
http://secunia.com/advisories/25588	Third Party Advisory
http://www.vupen.com/english/advisories/2007/2141	Third Party Advisory
http://www.vupen.com/english/advisories/2007/0718	Third Party Advisory
http://www.vupen.com/english/advisories/2007/0719	Third Party Advisory
http://www.vupen.com/english/advisories/2007/1165	Third Party Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	Broken Link
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html	Third Party Advisory
http://www.securityfocus.com/bid/64758	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/32663	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174	Third Party Advisory
http://www.securityfocus.com/archive/1/461809/100/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/461336/100/0/threaded	Third Party Advisory VDB Entry

Configurations

Configuration 1

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*

History

24 Jan 2023, 16:19

Type	Values Removed	Values Added
CPE		cpe:2.3:a:predictapp_project:predictapp::::::::
References	~~(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 -~~	(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 - Patch, Third Party Advisory
References	~~(MISC) https://github.com/abhilash1985/PredictApp/pull/73 -~~	(MISC) https://github.com/abhilash1985/PredictApp/pull/73 - Patch, Third Party Advisory
References	~~(MISC) https://vuldb.com/?id.218387 -~~	(MISC) https://vuldb.com/?id.218387 - Third Party Advisory
References	~~(MISC) https://vuldb.com/?ctiid.218387 -~~	(MISC) https://vuldb.com/?ctiid.218387 - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Predictapp Project predictapp Predictapp Project

16 Jan 2023, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2007-02-26 08:28

Updated : 2019-10-09 10:51

NVD link : CVE-2007-0009

Mitre link : CVE-2007-0009

Products Affected

No products.

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer