CVE-2007-0008

Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.

Published : 2007-02-26 20:28 Updated : 2018-10-16 16:29

6.8
CVSS Score More info
Score 6.8 / 10
6.8
Vendor Product Version URI
Mozilla Thunderbird 1.5.0.8 cpe:/a:mozilla:thunderbird:1.5.0.8
Mozilla Firefox 1.0 cpe:/a:mozilla:firefox:1.0
Mozilla Thunderbird 1.5.0.9 cpe:/a:mozilla:thunderbird:1.5.0.9
Mozilla Thunderbird 1.5.0.6 cpe:/a:mozilla:thunderbird:1.5.0.6
Mozilla Firefox 1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.1
Mozilla Thunderbird 0.7.3 cpe:/a:mozilla:thunderbird:0.7.3
Mozilla Thunderbird 1.5.0.7 cpe:/a:mozilla:thunderbird:1.5.0.7
Mozilla Firefox 1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.2
Mozilla Thunderbird 0.7.2 cpe:/a:mozilla:thunderbird:0.7.2
Mozilla Thunderbird 1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.4
Mozilla Firefox 0.10.1 cpe:/a:mozilla:firefox:0.10.1
Mozilla Firefox 1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.3
Mozilla Thunderbird 0.7.1 cpe:/a:mozilla:thunderbird:0.7.1
Mozilla Thunderbird 1.5.0.5 cpe:/a:mozilla:thunderbird:1.5.0.5
Mozilla Firefox 0.9 cpe:/a:mozilla:firefox:0.9:rc
Mozilla Firefox 1.5 cpe:/a:mozilla:firefox:1.5
Mozilla Firefox 1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.8
Mozilla Firefox 1.5.0.9 cpe:/a:mozilla:firefox:1.5.0.9
Mozilla Thunderbird 1.5 cpe:/a:mozilla:thunderbird:1.5
Mozilla Firefox 1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.4
Mozilla Firefox 1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.5
Mozilla Firefox 1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.6
Mozilla Firefox 1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.7
Mozilla Seamonkey 1.0.4 cpe:/a:mozilla:seamonkey:1.0.4
Mozilla Seamonkey 1.0.1 cpe:/a:mozilla:seamonkey:1.0.1
Mozilla Thunderbird 1.0 cpe:/a:mozilla:thunderbird:1.0
Mozilla Firefox 0.6.1 cpe:/a:mozilla:firefox:0.6.1
Mozilla Seamonkey 1.0.2 cpe:/a:mozilla:seamonkey:1.0.2
Mozilla Thunderbird 1.5.0.2 cpe:/a:mozilla:thunderbird:1.5.0.2
Mozilla Seamonkey 1.0.5 cpe:/a:mozilla:seamonkey:1.0.5
Mozilla Thunderbird 1.5.0.3 cpe:/a:mozilla:thunderbird:1.5.0.3
Mozilla Seamonkey 1.0.6 cpe:/a:mozilla:seamonkey:1.0.6
Mozilla Seamonkey 1.0.3 cpe:/a:mozilla:seamonkey:1.0.3
Mozilla Thunderbird 1.5.0.1 cpe:/a:mozilla:thunderbird:1.5.0.1
Mozilla Firefox 2.0 cpe:/a:mozilla:firefox:2.0
Mozilla Firefox 0.2 cpe:/a:mozilla:firefox:0.2
Mozilla Firefox 0.9.3 cpe:/a:mozilla:firefox:0.9.3
Mozilla Firefox 0.3 cpe:/a:mozilla:firefox:0.3
Mozilla Firefox 0.4 cpe:/a:mozilla:firefox:0.4
Mozilla Firefox 0.5 cpe:/a:mozilla:firefox:0.5
Mozilla Firefox 0.1 cpe:/a:mozilla:firefox:0.1
Mozilla Firefox 1.0.2 cpe:/a:mozilla:firefox:1.0.2
Mozilla Firefox 1.0.1 cpe:/a:mozilla:firefox:1.0.1
Mozilla Firefox 1.0 cpe:/a:mozilla:firefox:1.0:preview_release
Mozilla Firefox 1.0.8 cpe:/a:mozilla:firefox:1.0.8
Mozilla Seamonkey 1.0.7 cpe:/a:mozilla:seamonkey:1.0.7
Mozilla Firefox 1.0.7 cpe:/a:mozilla:firefox:1.0.7
Mozilla Firefox 1.0.6 cpe:/a:mozilla:firefox:1.0.6
Mozilla Firefox 1.0.5 cpe:/a:mozilla:firefox:1.0.5
Mozilla Firefox 1.4.1 cpe:/a:mozilla:firefox:1.4.1
Mozilla Firefox 1.0.4 cpe:/a:mozilla:firefox:1.0.4
Mozilla Firefox 0.10 cpe:/a:mozilla:firefox:0.10
Mozilla Firefox 1.0.3 cpe:/a:mozilla:firefox:1.0.3
Mozilla Network Security Services 3.11.2 cpe:/a:mozilla:network_security_services:3.11.2
Mozilla Firefox 0.6 cpe:/a:mozilla:firefox:0.6
Mozilla Firefox 0.7 cpe:/a:mozilla:firefox:0.7
Mozilla Firefox 0.8 cpe:/a:mozilla:firefox:0.8
Mozilla Firefox 0.9 cpe:/a:mozilla:firefox:0.9
Mozilla Thunderbird 0.8 cpe:/a:mozilla:thunderbird:0.8
Mozilla Thunderbird 0.9 cpe:/a:mozilla:thunderbird:0.9
Mozilla Thunderbird 1.0.2 cpe:/a:mozilla:thunderbird:1.0.2
Mozilla Thunderbird 0.6 cpe:/a:mozilla:thunderbird:0.6
Mozilla Thunderbird 0.7 cpe:/a:mozilla:thunderbird:0.7
Mozilla Thunderbird 1.0.1 cpe:/a:mozilla:thunderbird:1.0.1
Mozilla Thunderbird 1.5 cpe:/a:mozilla:thunderbird:1.5:beta2
Mozilla Thunderbird 1.0.4 cpe:/a:mozilla:thunderbird:1.0.4
Mozilla Thunderbird 0.4 cpe:/a:mozilla:thunderbird:0.4
Mozilla Thunderbird 1.0.3 cpe:/a:mozilla:thunderbird:1.0.3
Mozilla Thunderbird 0.5 cpe:/a:mozilla:thunderbird:0.5
Mozilla Thunderbird 1.0.6 cpe:/a:mozilla:thunderbird:1.0.6
Mozilla Thunderbird 0.2 cpe:/a:mozilla:thunderbird:0.2
Mozilla Thunderbird 1.0.5 cpe:/a:mozilla:thunderbird:1.0.5
Mozilla Thunderbird 0.3 cpe:/a:mozilla:thunderbird:0.3
Mozilla Thunderbird 0.1 cpe:/a:mozilla:thunderbird:0.1
Mozilla Firefox 2.0.0.1 cpe:/a:mozilla:firefox:2.0.0.1
Mozilla Firefox 0.7.1 cpe:/a:mozilla:firefox:0.7.1
Mozilla Firefox 0.9.2 cpe:/a:mozilla:firefox:0.9.2
Mozilla Seamonkey 1.0 cpe:/a:mozilla:seamonkey:1.0
Mozilla Firefox 0.9.1 cpe:/a:mozilla:firefox:0.9.1
Mozilla Firefox 1.5.0.10 cpe:/a:mozilla:firefox:1.5.0.10
Mozilla Thunderbird 1.0.8 cpe:/a:mozilla:thunderbird:1.0.8
Mozilla Thunderbird 1.0.7 cpe:/a:mozilla:thunderbird:1.0.7
Mozilla Network Security Services 3.11.4 cpe:/a:mozilla:network_security_services:3.11.4
Mozilla Firefox 1.5.0.12 cpe:/a:mozilla:firefox:1.5.0.12
Mozilla Network Security Services 3.11.3 cpe:/a:mozilla:network_security_services:3.11.3
Mozilla Firefox 1.5.0.11 cpe:/a:mozilla:firefox:1.5.0.11
  1. Mozilla (4) Search CVE
    1. Firefox (41) Search CVE
      1. 1.0
      2. 1.5.0.1
      3. 1.5.0.2
      4. 0.10.1
      5. 1.5.0.3
      6. 0.9
      7. 1.5
      8. 1.5.0.8
      9. 1.5.0.9
      10. 1.5.0.4
      11. 1.5.0.5
      12. 1.5.0.6
      13. 1.5.0.7
      14. 0.6.1
      15. 2.0
      16. 0.2
      17. 0.9.3
      18. 0.3
      19. 0.4
      20. 0.5
      21. 0.1
      22. 1.0.2
      23. 1.0.1
      24. 1.0.8
      25. 1.0.7
      26. 1.0.6
      27. 1.0.5
      28. 1.4.1
      29. 1.0.4
      30. 0.10
      31. 1.0.3
      32. 0.6
      33. 0.7
      34. 0.8
      35. 2.0.0.1
      36. 0.7.1
      37. 0.9.2
      38. 0.9.1
      39. 1.5.0.10
      40. 1.5.0.12
      41. 1.5.0.11
    2. Thunderbird (31) Search CVE
      1. 1.5.0.8
      2. 1.5.0.9
      3. 1.5.0.6
      4. 0.7.3
      5. 1.5.0.7
      6. 0.7.2
      7. 1.5.0.4
      8. 0.7.1
      9. 1.5.0.5
      10. 1.5
      11. 1.0
      12. 1.5.0.2
      13. 1.5.0.3
      14. 1.5.0.1
      15. 0.8
      16. 0.9
      17. 1.0.2
      18. 0.6
      19. 0.7
      20. 1.0.1
      21. 1.0.4
      22. 0.4
      23. 1.0.3
      24. 0.5
      25. 1.0.6
      26. 0.2
      27. 1.0.5
      28. 0.3
      29. 0.1
      30. 1.0.8
      31. 1.0.7
    3. Network Security Services (3) Search CVE
      1. 3.11.2
      2. 3.11.4
      3. 3.11.3
    4. Seamonkey (8) Search CVE
      1. 1.0.4
      2. 1.0.1
      3. 1.0.2
      4. 1.0.5
      5. 1.0.6
      6. 1.0.3
      7. 1.0.7
      8. 1.0

CWE

ID Name Description Links
CWE-189 Numeric Errors Weaknesses in this category are related to improper calculation or conversion of numbers. CVE

References

Source Link
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/32666
BUGTRAQ http://www.securityfocus.com/archive/1/461336/100/0/threaded
BUGTRAQ http://www.securityfocus.com/archive/1/461809/100/0/threaded
SGI ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
SGI ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
FEDORA http://fedoranews.org/cms/node/2709
FEDORA http://fedoranews.org/cms/node/2711
FEDORA http://fedoranews.org/cms/node/2713
FEDORA http://fedoranews.org/cms/node/2728
FEDORA http://fedoranews.org/cms/node/2747
FEDORA http://fedoranews.org/cms/node/2749
HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
IDEFENSE http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482
SUSE http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
REDHAT http://rhn.redhat.com/errata/RHSA-2007-0077.html
GENTOO http://security.gentoo.org/glsa/glsa-200703-18.xml
SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1
DEBIAN http://www.debian.org/security/2007/dsa-1336
GENTOO http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml
CERT-VN http://www.kb.cert.org/vuls/id/377812
MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:052
CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
SUSE http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
REDHAT http://www.redhat.com/support/errata/RHSA-2007-0078.html
REDHAT http://www.redhat.com/support/errata/RHSA-2007-0079.html
REDHAT http://www.redhat.com/support/errata/RHSA-2007-0097.html
REDHAT http://www.redhat.com/support/errata/RHSA-2007-0108.html
BID http://www.securityfocus.com/bid/22694
BID http://www.securityfocus.com/bid/64758
SECTRACK http://www.securitytracker.com/id?1017696
UBUNTU http://www.ubuntu.com/usn/usn-428-1
UBUNTU http://www.ubuntu.com/usn/usn-431-1
VUPEN http://www.vupen.com/english/advisories/2007/0718
VUPEN http://www.vupen.com/english/advisories/2007/0719
VUPEN http://www.vupen.com/english/advisories/2007/1165
VUPEN http://www.vupen.com/english/advisories/2007/2141
MISC https://bugzilla.mozilla.org/show_bug.cgi?id=364319
CONFIRM https://issues.rpath.com/browse/RPL-1081
CONFIRM https://issues.rpath.com/browse/RPL-1103