CVE-2007-0009

high

Description

Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.

Details

Source: Mitre, NVD

Published: 2007-02-26

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High