CVE-2007-0009

Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.

Published: 2007-02-26 20:28
Updated: 2019-10-09 22:51

CVSS Score: 6.8 / 10
Vendor Product Version URI
Canonical Ubuntu Linux 5.10 cpe:/o:canonical:ubuntu_linux:5.10
Canonical Ubuntu Linux 6.06 cpe:/o:canonical:ubuntu_linux:6.06::~~lts~~~
Canonical Ubuntu Linux 6.10 cpe:/o:canonical:ubuntu_linux:6.10
Debian Debian Linux 3.1 cpe:/o:debian:debian_linux:3.1
Debian Debian Linux 4.0 cpe:/o:debian:debian_linux:4.0
Mozilla Firefox 1.5 cpe:/a:mozilla:firefox:1.5
Mozilla Firefox 1.5 cpe:/a:mozilla:firefox:1.5:beta1
Mozilla Firefox 1.5 cpe:/a:mozilla:firefox:1.5:beta2
Mozilla Firefox 1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.1
Mozilla Firefox 1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.2
Mozilla Firefox 1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.3
Mozilla Firefox 1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.4
Mozilla Firefox 1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.5
Mozilla Firefox 1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.6
Mozilla Firefox 1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.7
Mozilla Firefox 1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.8
Mozilla Firefox 1.5.0.9 cpe:/a:mozilla:firefox:1.5.0.9
Mozilla Firefox 2.0 cpe:/a:mozilla:firefox:2.0
Mozilla Firefox 2.0.0.1 cpe:/a:mozilla:firefox:2.0.0.1
Mozilla Network Security Services - cpe:/a:mozilla:network_security_services:-
Mozilla Network Security Services 3.1 cpe:/a:mozilla:network_security_services:3.1
Mozilla Network Security Services 3.1.1 cpe:/a:mozilla:network_security_services:3.1.1
Mozilla Network Security Services 3.2 cpe:/a:mozilla:network_security_services:3.2
Mozilla Network Security Services 3.2.1 cpe:/a:mozilla:network_security_services:3.2.1
Mozilla Network Security Services 3.3 cpe:/a:mozilla:network_security_services:3.3
Mozilla Network Security Services 3.3.1 cpe:/a:mozilla:network_security_services:3.3.1
Mozilla Network Security Services 3.3.2 cpe:/a:mozilla:network_security_services:3.3.2
Mozilla Network Security Services 3.4 cpe:/a:mozilla:network_security_services:3.4
Mozilla Network Security Services 3.4.1 cpe:/a:mozilla:network_security_services:3.4.1
Mozilla Network Security Services 3.4.2 cpe:/a:mozilla:network_security_services:3.4.2
Mozilla Network Security Services 3.4.3 cpe:/a:mozilla:network_security_services:3.4.3
Mozilla Network Security Services 3.5 cpe:/a:mozilla:network_security_services:3.5
Mozilla Network Security Services 3.6 cpe:/a:mozilla:network_security_services:3.6
Mozilla Network Security Services 3.6.1 cpe:/a:mozilla:network_security_services:3.6.1
Mozilla Network Security Services 3.7 cpe:/a:mozilla:network_security_services:3.7
Mozilla Network Security Services 3.7.1 cpe:/a:mozilla:network_security_services:3.7.1
Mozilla Network Security Services 3.7.2 cpe:/a:mozilla:network_security_services:3.7.2
Mozilla Network Security Services 3.7.3 cpe:/a:mozilla:network_security_services:3.7.3
Mozilla Network Security Services 3.7.5 cpe:/a:mozilla:network_security_services:3.7.5
Mozilla Network Security Services 3.7.7 cpe:/a:mozilla:network_security_services:3.7.7
Mozilla Network Security Services 3.8 cpe:/a:mozilla:network_security_services:3.8
Mozilla Network Security Services 3.9 cpe:/a:mozilla:network_security_services:3.9
Mozilla Network Security Services 3.9.1 cpe:/a:mozilla:network_security_services:3.9.1
Mozilla Network Security Services 3.9.2 cpe:/a:mozilla:network_security_services:3.9.2
Mozilla Network Security Services 3.9.3 cpe:/a:mozilla:network_security_services:3.9.3
Mozilla Network Security Services 3.9.4 cpe:/a:mozilla:network_security_services:3.9.4
Mozilla Network Security Services 3.9.5 cpe:/a:mozilla:network_security_services:3.9.5
Mozilla Network Security Services 3.10 cpe:/a:mozilla:network_security_services:3.10
Mozilla Network Security Services 3.10.1 cpe:/a:mozilla:network_security_services:3.10.1
Mozilla Network Security Services 3.10.2 cpe:/a:mozilla:network_security_services:3.10.2
Mozilla Network Security Services 3.11 cpe:/a:mozilla:network_security_services:3.11
Mozilla Network Security Services 3.11.1 cpe:/a:mozilla:network_security_services:3.11.1
Mozilla Network Security Services 3.11.2 cpe:/a:mozilla:network_security_services:3.11.2
Mozilla Network Security Services 3.11.3 cpe:/a:mozilla:network_security_services:3.11.3
Mozilla Network Security Services 3.11.4 cpe:/a:mozilla:network_security_services:3.11.4
Mozilla Seamonkey - cpe:/a:mozilla:seamonkey:-
Mozilla Seamonkey 1.0 cpe:/a:mozilla:seamonkey:1.0
Mozilla Seamonkey 1.0 cpe:/a:mozilla:seamonkey:1.0:alpha
Mozilla Seamonkey 1.0 cpe:/a:mozilla:seamonkey:1.0:beta
Mozilla Seamonkey 1.0.1 cpe:/a:mozilla:seamonkey:1.0.1
Mozilla Seamonkey 1.0.2 cpe:/a:mozilla:seamonkey:1.0.2
Mozilla Seamonkey 1.0.3 cpe:/a:mozilla:seamonkey:1.0.3
Mozilla Seamonkey 1.0.4 cpe:/a:mozilla:seamonkey:1.0.4
Mozilla Seamonkey 1.0.5 cpe:/a:mozilla:seamonkey:1.0.5
Mozilla Seamonkey 1.0.6 cpe:/a:mozilla:seamonkey:1.0.6
Mozilla Seamonkey 1.0.7 cpe:/a:mozilla:seamonkey:1.0.7
Mozilla Thunderbird - cpe:/a:mozilla:thunderbird:-
Mozilla Thunderbird 0.1 cpe:/a:mozilla:thunderbird:0.1
Mozilla Thunderbird 0.2 cpe:/a:mozilla:thunderbird:0.2
Mozilla Thunderbird 0.3 cpe:/a:mozilla:thunderbird:0.3
Mozilla Thunderbird 0.4 cpe:/a:mozilla:thunderbird:0.4
Mozilla Thunderbird 0.5 cpe:/a:mozilla:thunderbird:0.5
Mozilla Thunderbird 0.6 cpe:/a:mozilla:thunderbird:0.6
Mozilla Thunderbird 0.7 cpe:/a:mozilla:thunderbird:0.7
Mozilla Thunderbird 0.7 cpe:/a:mozilla:thunderbird:0.7:-
Mozilla Thunderbird 0.7 cpe:/a:mozilla:thunderbird:0.7:rc
Mozilla Thunderbird 0.7.1 cpe:/a:mozilla:thunderbird:0.7.1
Mozilla Thunderbird 0.7.2 cpe:/a:mozilla:thunderbird:0.7.2
Mozilla Thunderbird 0.7.3 cpe:/a:mozilla:thunderbird:0.7.3
Mozilla Thunderbird 0.8 cpe:/a:mozilla:thunderbird:0.8
Mozilla Thunderbird 0.9 cpe:/a:mozilla:thunderbird:0.9
Mozilla Thunderbird 1.0 cpe:/a:mozilla:thunderbird:1.0
Mozilla Thunderbird 1.0 cpe:/a:mozilla:thunderbird:1.0:-
Mozilla Thunderbird 1.0 cpe:/a:mozilla:thunderbird:1.0:rc
Mozilla Thunderbird 1.0.2 cpe:/a:mozilla:thunderbird:1.0.2
Mozilla Thunderbird 1.0.5 cpe:/a:mozilla:thunderbird:1.0.5
Mozilla Thunderbird 1.0.6 cpe:/a:mozilla:thunderbird:1.0.6
Mozilla Thunderbird 1.0.7 cpe:/a:mozilla:thunderbird:1.0.7
Mozilla Thunderbird 1.0.8 cpe:/a:mozilla:thunderbird:1.0.8
Mozilla Thunderbird 1.1 cpe:/a:mozilla:thunderbird:1.1:alpha1
Mozilla Thunderbird 1.1 cpe:/a:mozilla:thunderbird:1.1:alpha2
Mozilla Thunderbird 1.5 cpe:/a:mozilla:thunderbird:1.5
Mozilla Thunderbird 1.5 cpe:/a:mozilla:thunderbird:1.5:-
Mozilla Thunderbird 1.5 cpe:/a:mozilla:thunderbird:1.5:beta1
Mozilla Thunderbird 1.5 cpe:/a:mozilla:thunderbird:1.5:beta2
Mozilla Thunderbird 1.5 cpe:/a:mozilla:thunderbird:1.5:rc1
Mozilla Thunderbird 1.5 cpe:/a:mozilla:thunderbird:1.5:rc2
Mozilla Thunderbird 1.5.0.2 cpe:/a:mozilla:thunderbird:1.5.0.2
Mozilla Thunderbird 1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.4
Mozilla Thunderbird 1.5.0.5 cpe:/a:mozilla:thunderbird:1.5.0.5
Mozilla Thunderbird 1.5.0.7 cpe:/a:mozilla:thunderbird:1.5.0.7
Mozilla Thunderbird 1.5.0.8 cpe:/a:mozilla:thunderbird:1.5.0.8
Mozilla Thunderbird 1.5.0.9 cpe:/a:mozilla:thunderbird:1.5.0.9

CWE

ID: CWE-119
Name: Improper Restriction of Operations within the Bounds of a Memory Buffer
Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

Source Link
BUGTRAQ http://www.securityfocus.com/archive/1/461336/100/0/threaded
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/32663
SGI ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
SGI ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
FEDORA http://fedoranews.org/cms/node/2709
FEDORA http://fedoranews.org/cms/node/2711
FEDORA http://fedoranews.org/cms/node/2747
FEDORA http://fedoranews.org/cms/node/2749
HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
IDEFENSE http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483
SUSE http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1
SUSE http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
CONFIRM https://issues.rpath.com/browse/RPL-1081
CONFIRM https://issues.rpath.com/browse/RPL-1103
VUPEN http://www.vupen.com/english/advisories/2007/0719
MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
REDHAT http://www.redhat.com/support/errata/RHSA-2007-0079.html
REDHAT http://www.redhat.com/support/errata/RHSA-2007-0097.html
GENTOO http://security.gentoo.org/glsa/glsa-200703-18.xml
GENTOO http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml
BID http://www.securityfocus.com/bid/64758
MISC https://bugzilla.mozilla.org/show_bug.cgi?id=364323
REDHAT http://www.redhat.com/support/errata/RHSA-2007-0078.html
UBUNTU http://www.ubuntu.com/usn/usn-428-1
CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
VUPEN http://www.vupen.com/english/advisories/2007/2141
REDHAT http://rhn.redhat.com/errata/RHSA-2007-0077.html
MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:052
UBUNTU http://www.ubuntu.com/usn/usn-431-1
VUPEN http://www.vupen.com/english/advisories/2007/0718
SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
SECTRACK http://www.securitytracker.com/id?1017696
CERT-VN http://www.kb.cert.org/vuls/id/592796
SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
REDHAT http://www.redhat.com/support/errata/RHSA-2007-0108.html
DEBIAN http://www.debian.org/security/2007/dsa-1336
VUPEN http://www.vupen.com/english/advisories/2007/1165
BUGTRAQ http://www.securityfocus.com/archive/1/461809/100/0/threaded

History of changes

Date Event
2019-10-09 22:51
2018-10-17 18:00
2018-10-16 16:30
2017-07-31 20:43
2007-02-26 20:28 New CVE