CVE-2007-0009
Mozilla Firefox < 1.5.0.10 and 2.x < 2.0.0.2 - Remote Code Execution via SSLv2 Client Master Key Length Handling
Title source: llmDescription
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.
References (66)
Core 66
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0078.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24562
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25597
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml
Broken Link vendor-advisory
x_refsource_fedora
http://fedoranews.org/cms/node/2709
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24703
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24395
Broken Link third-party-advisory
x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/461336/100/0/threaded
Broken Link vendor-advisory
x_refsource_fedora
http://fedoranews.org/cms/node/2747
Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0108.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24277
Mailing List, Third Party Advisory vendor-advisory
x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24384
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24406
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24457
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24253
Third Party Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:052
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24343
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2007/dsa-1336
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/592796
Broken Link vendor-advisory
x_refsource_hp
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1165
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1017696
Broken Link vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0718
Broken Link vendor-advisory
x_refsource_fedora
http://fedoranews.org/cms/node/2711
Broken Link vendor-advisory
x_refsource_fedora
http://fedoranews.org/cms/node/2749
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200703-18.xml
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24650
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-428-1
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25588
Broken Link x_refsource_confirm
https://issues.rpath.com/browse/RPL-1103
Broken Link vendor-advisory
x_refsource_suse
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/461809/100/0/threaded
Broken Link vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24293
Mailing List, Third Party Advisory vendor-advisory
x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24456
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24342
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24287
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24522
Broken Link vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=364323
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0719
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-431-1
Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0097.html
Broken Link vendor-advisory
x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24389
Broken Link x_refsource_confirm
https://issues.rpath.com/browse/RPL-1081
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24410
Broken Link vdb-entry
x_refsource_osvdb
http://www.osvdb.org/32106
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24333
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/32663
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2141
Third Party Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/64758
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24290
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24455
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2007-0077.html
Broken Link vendor-advisory
x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0079.html
Scores
EPSS
0.5036
EPSS Percentile
98.8%
Details
CWE
CWE-119
Status
published
Products (9)
canonical/ubuntu_linux
5.10
canonical/ubuntu_linux
6.06
canonical/ubuntu_linux
6.10
debian/debian_linux
3.1
debian/debian_linux
4.0
mozilla/firefox
1.5 - 1.5.0.10
mozilla/network_security_services
< 3.11.5
mozilla/seamonkey
< 1.0.8
mozilla/thunderbird
< 1.5.0.10
Published
Feb 26, 2007
Tracked Since
Feb 18, 2026