CVE-2007-0009

Name of the Vulnerable Software and Affected Versions Mozilla Network Security Services (NSS) versions prior to 3.11.5 Firefox versions prior to 1.5.0.10 and 2.x versions prior to 2.0.0.2 Thunderbird versions prior to 1.5.0.10 SeaMonkey versions prior to 1.0.8 Sun Java System server products versions prior to 20070611

Description A stack-based buffer overflow issue exists in the SSLv2 support, allowing remote attackers to execute arbitrary code via invalid Client Master Key length values.

Recommendations For Mozilla Network Security Services (NSS) versions prior to 3.11.5, update to version 3.11.5 or later. For Firefox versions prior to 1.5.0.10, update to version 1.5.0.10 or later. For Firefox 2.x versions prior to 2.0.0.2, update to version 2.0.0.2 or later. For Thunderbird versions prior to 1.5.0.10, update to version 1.5.0.10 or later. For SeaMonkey versions prior to 1.0.8, update to version 1.0.8 or later. For Sun Java System server products versions prior to 20070611, update to a version released after 20070611.