PT-2007-1509 · Mozilla+2 · Thunderbird+5

Published

2007-02-23

·

Updated

2024-12-12

·

CVE-2007-0009

CVSS v2.0

6.8

Medium

VectorAV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Mozilla Network Security Services (NSS) versions prior to 3.11.5 Firefox versions prior to 1.5.0.10 and 2.x versions prior to 2.0.0.2 Thunderbird versions prior to 1.5.0.10 SeaMonkey versions prior to 1.0.8 Sun Java System server products versions prior to 20070611
Description A stack-based buffer overflow issue exists in the SSLv2 support, allowing remote attackers to execute arbitrary code via invalid Client Master Key length values.
Recommendations For Mozilla Network Security Services (NSS) versions prior to 3.11.5, update to version 3.11.5 or later. For Firefox versions prior to 1.5.0.10, update to version 1.5.0.10 or later. For Firefox 2.x versions prior to 2.0.0.2, update to version 2.0.0.2 or later. For Thunderbird versions prior to 1.5.0.10, update to version 1.5.0.10 or later. For SeaMonkey versions prior to 1.0.8, update to version 1.0.8 or later. For Sun Java System server products versions prior to 20070611, update to a version released after 20070611.

Fix

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2007-0009
DSA-1336-1
HPSBUX02153
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1
RHSA-2007:0077
RHSA-2007:0078
RHSA-2007:0079
RHSA-2007:0097
RHSA-2007:0108
RHSA-2007_0077
RHSA-2007_0078
RHSA-2007_0079
RHSA-2007_0097
RHSA-2007_0108

Affected Products

Firefox
Network Security Services
Red Hat
Seamonkey
Sun Java System Server Products
Thunderbird