CVE-2007-0776

Mozilla Firefox <2.0.0.2 - Buffer Overflow

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.

References (46)

Core 46
Core References
Mailing List vendor-advisory x_refsource_fedora
http://fedoranews.org/cms/node/2747
Mailing List vendor-advisory x_refsource_fedora
http://fedoranews.org/cms/node/2749
Mailing List vendor-advisory x_refsource_fedora
http://fedoranews.org/cms/node/2728
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/551436
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/461336/100/0/threaded
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24406
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24328
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200703-04.xml
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24252
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24384
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24457
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:052
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0718
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200703-18.xml
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-428-1
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24320
Various Sources vendor-advisory x_refsource_suse
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0083
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/461809/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/32698
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24293
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24238
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24456
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24393
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24522
Vendor Advisory x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=360645
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22694
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0719
Mailing List vendor-advisory x_refsource_fedora
http://fedoranews.org/cms/node/2713
Patch, Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2007/mfsa2007-01.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-431-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/32113
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24205
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24389
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-1081
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24410
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24333
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24455
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1017698
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24437

Scores

EPSS 0.0674
EPSS Percentile 93.2%

Details

CWE
CWE-119
Status published
Products (3)
mozilla/firefox < 2.0.0.1
mozilla/seamonkey < 1.0.7
mozilla/thunderbird < 1.5.0.9
Published Feb 26, 2007
Tracked Since Feb 18, 2026