CVE-2007-0009

Mozilla Firefox < 1.5.0.10 and 2.x < 2.0.0.2 - Remote Code Execution via SSLv2 Client Master Key Length Handling

Title source: llm
STIX 2.1

Description

Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.

References (66)

Core 66
Core References
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0078.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24562
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25597
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml
Broken Link vendor-advisory x_refsource_fedora
http://fedoranews.org/cms/node/2709
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24703
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24395
Broken Link third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/461336/100/0/threaded
Broken Link vendor-advisory x_refsource_fedora
http://fedoranews.org/cms/node/2747
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0108.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24277
Mailing List, Third Party Advisory vendor-advisory x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24384
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24406
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24457
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24253
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:052
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24343
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1336
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/592796
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1165
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1017696
Broken Link vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0718
Broken Link vendor-advisory x_refsource_fedora
http://fedoranews.org/cms/node/2711
Broken Link vendor-advisory x_refsource_fedora
http://fedoranews.org/cms/node/2749
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200703-18.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24650
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-428-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25588
Broken Link x_refsource_confirm
https://issues.rpath.com/browse/RPL-1103
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/461809/100/0/threaded
Broken Link vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24293
Mailing List, Third Party Advisory vendor-advisory x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24456
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24342
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24287
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24522
Broken Link vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=364323
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0719
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-431-1
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0097.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24389
Broken Link x_refsource_confirm
https://issues.rpath.com/browse/RPL-1081
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24410
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/32106
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24333
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/32663
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2141
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/64758
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24290
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24455
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2007-0077.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0079.html

Scores

EPSS 0.5036
EPSS Percentile 98.8%

Details

CWE
CWE-119
Status published
Products (9)
canonical/ubuntu_linux 5.10
canonical/ubuntu_linux 6.06
canonical/ubuntu_linux 6.10
debian/debian_linux 3.1
debian/debian_linux 4.0
mozilla/firefox 1.5 - 1.5.0.10
mozilla/network_security_services < 3.11.5
mozilla/seamonkey < 1.0.8
mozilla/thunderbird < 1.5.0.10
Published Feb 26, 2007
Tracked Since Feb 18, 2026