CVE-2007-0008

Name of the Vulnerable Software and Affected Versions Mozilla Network Security Services (NSS) versions prior to 3.11.5 Firefox versions prior to 1.5.0.10 and 2.x versions prior to 2.0.0.2 SeaMonkey version prior to 1.0.8 Thunderbird version prior to 1.5.0.10 Sun Java System server products versions prior to 20070611

Description The issue allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the Master Secret, resulting in a heap-based overflow. This is due to an integer underflow in the SSLv2 support.

Recommendations For Mozilla Network Security Services (NSS) versions prior to 3.11.5, update to version 3.11.5 or later. For Firefox versions prior to 1.5.0.10, update to version 1.5.0.10 or later. For Firefox 2.x versions prior to 2.0.0.2, update to version 2.0.0.2 or later. For SeaMonkey version prior to 1.0.8, update to version 1.0.8 or later. For Thunderbird version prior to 1.5.0.10, update to version 1.5.0.10 or later. For Sun Java System server products versions prior to 20070611, update to a version from after 20070611.