Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2007-0008

Published: 26/02/2007 Updated: 16/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Mozilla

Vulnerability Summary

Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) prior to 3.11.5, as used by Firefox prior to 1.5.0.10 and 2.x prior to 2.0.0.2, SeaMonkey prior to 1.0.8, Thunderbird prior to 1.5.0.10, and certain Sun Java System server products prior to 20070611, allows remote malicious users to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla firefox

mozilla network security services 3.11.4

mozilla firefox 0.9.3

mozilla firefox 0.9.2

mozilla firefox 0.3

mozilla firefox 0.4

mozilla firefox 1.0.5

mozilla firefox 1.0.4

mozilla firefox 1.5.0.5

mozilla firefox 1.5.0.2

mozilla firefox 1.5.0.7

mozilla firefox 1.5.0.8

mozilla seamonkey 1.0

mozilla thunderbird 1.0.6

mozilla thunderbird 0.7.1

mozilla thunderbird 1.0

mozilla thunderbird 0.6

mozilla thunderbird 0.3

mozilla thunderbird 1.5.0.4

mozilla thunderbird 1.5.0.6

mozilla firefox 2.0

mozilla firefox 0.10

mozilla firefox 0.8

mozilla firefox 0.9

mozilla firefox 0.6.1

mozilla firefox 0.1

mozilla firefox 0.2

mozilla firefox 1.5

mozilla firefox 1.0.8

mozilla firefox 1.5.0.12

mozilla firefox 1.5.0.1

mozilla seamonkey 1.0.4

mozilla seamonkey 1.0.3

mozilla thunderbird 1.0.4

mozilla thunderbird 1.0.5

mozilla thunderbird 0.7.2

mozilla thunderbird 0.9

mozilla thunderbird 0.1

mozilla thunderbird 1.0.7

mozilla thunderbird 1.0.8

mozilla thunderbird 1.5.0.5

mozilla thunderbird 1.5

mozilla firefox 2.0.0.1

mozilla seamonkey

mozilla firefox 0.10.1

mozilla firefox 0.9.1

mozilla firefox 0.7

mozilla firefox 0.7.1

mozilla firefox 1.0.3

mozilla firefox 1.0.2

mozilla firefox 1.4.1

mozilla firefox 1.0

mozilla firefox 1.5.0.4

mozilla firefox 1.5.0.10

mozilla firefox 1.5.0.6

mozilla seamonkey 1.0.2

mozilla seamonkey 1.0.1

mozilla thunderbird 0.7.3

mozilla thunderbird 0.7

mozilla thunderbird 0.2

mozilla thunderbird 0.5

mozilla thunderbird 1.5.0.3

mozilla thunderbird

mozilla network security services 3.11.3

mozilla network security services 3.11.2

mozilla firefox 1.0.1

mozilla firefox 0.5

mozilla firefox 0.6

mozilla firefox 1.0.7

mozilla firefox 1.0.6

mozilla firefox 1.5.0.3

mozilla firefox 1.5.0.11

mozilla seamonkey 1.0.6

mozilla seamonkey 1.0.5

mozilla thunderbird 1.0.2

mozilla thunderbird 1.0.3

mozilla thunderbird 1.0.1

mozilla thunderbird 0.8

mozilla thunderbird 0.4

mozilla thunderbird 1.5.0.8

mozilla thunderbird 1.5.0.7

mozilla thunderbird 1.5.0.1

mozilla thunderbird 1.5.0.2

Vendor Advisories

Debian Security Advisories: DSA-1336-1 mozilla-firefox -- several vulnerabilities
Several remote vulnerabilities have been discovered in Mozilla Firefox This will be the last security update of Mozilla-based products for the oldstable (sarge) distribution of Debian We recommend to upgrade to stable (etch) as soon as possible The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2007-1 ...
Ubuntu Security Notice: mozilla-thunderbird vulnerabilities
The SSLv2 protocol support in the NSS library did not sufficiently check the validity of public keys presented with a SSL certificate A malicious SSL web site using SSLv2 could potentially exploit this to execute arbitrary code with the user’s privileges (CVE-2007-0008) ...
Ubuntu Security Notice: firefox vulnerabilities
Several flaws have been found that could be used to perform Cross-site scripting attacks A malicious web site could exploit these to modify the contents or steal confidential data (such as passwords) from other opened web pages (CVE-2006-6077, CVE-2007-0780, CVE-2007-0800, CVE-2007-0981, CVE-2007-0995, CVE-2007-0996) ...
Ubuntu Security Notice: firefox regression
USN-428-1 fixed vulnerabilities in Firefox 15 However, changes to library paths caused applications depending on libnss3 to fail to start up This update fixes the problem ...
Mozilla: Mozilla Network Security Services (NSS) SSLv2 buffer overflows
Mozilla Foundation Security Advisory 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflows Announced February 23, 2007 Reporter iDefense Impact Critical (Firefox 20 not affected in default configuration) Products ...

References

CWE-189http://www.mozilla.org/security/announce/2007/mfsa2007-06.htmlhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482https://bugzilla.mozilla.org/show_bug.cgi?id=364319https://issues.rpath.com/browse/RPL-1081https://issues.rpath.com/browse/RPL-1103http://fedoranews.org/cms/node/2709http://fedoranews.org/cms/node/2711http://fedoranews.org/cms/node/2713http://fedoranews.org/cms/node/2728http://security.gentoo.org/glsa/glsa-200703-18.xmlhttp://www.gentoo.org/security/en/glsa/glsa-200703-22.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:052http://www.redhat.com/support/errata/RHSA-2007-0079.htmlhttp://rhn.redhat.com/errata/RHSA-2007-0077.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0078.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0097.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0108.htmlhttp://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.htmlhttp://www.ubuntu.com/usn/usn-428-1http://www.ubuntu.com/usn/usn-431-1http://www.kb.cert.org/vuls/id/377812http://www.securityfocus.com/bid/22694http://www.osvdb.org/32105http://www.securitytracker.com/id?1017696http://secunia.com/advisories/24238http://secunia.com/advisories/24252http://secunia.com/advisories/24253http://secunia.com/advisories/24277http://secunia.com/advisories/24287http://secunia.com/advisories/24290http://secunia.com/advisories/24205http://secunia.com/advisories/24328http://secunia.com/advisories/24333http://secunia.com/advisories/24343http://secunia.com/advisories/24320http://secunia.com/advisories/24293http://secunia.com/advisories/24395http://secunia.com/advisories/24384http://secunia.com/advisories/24389http://secunia.com/advisories/24410http://secunia.com/advisories/24522http://secunia.com/advisories/24562http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1http://secunia.com/advisories/24703ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.aschttp://secunia.com/advisories/24650http://www.debian.org/security/2007/dsa-1336http://fedoranews.org/cms/node/2747http://fedoranews.org/cms/node/2749http://www.mandriva.com/security/advisories?name=MDKSA-2007:050ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.aschttp://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1http://www.novell.com/linux/security/advisories/2007_22_mozilla.htmlhttp://secunia.com/advisories/25597http://secunia.com/advisories/24406http://secunia.com/advisories/24455http://secunia.com/advisories/24456http://secunia.com/advisories/24457http://secunia.com/advisories/24342http://secunia.com/advisories/25588http://www.vupen.com/english/advisories/2007/2141http://www.vupen.com/english/advisories/2007/0718http://www.vupen.com/english/advisories/2007/0719http://www.vupen.com/english/advisories/2007/1165http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742http://www.securityfocus.com/bid/64758http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/32666https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10502http://www.securityfocus.com/archive/1/461809/100/0/threadedhttp://www.securityfocus.com/archive/1/461336/100/0/threadedhttps://nvd.nist.govhttps://www.debian.org/security/./dsa-1336https://usn.ubuntu.com/431-1/https://www.kb.cert.org/vuls/id/377812
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook