CVE-2007-0009 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer14 documents6 sources
Severity
6.8MEDIUMNVD
EPSS
49.5%
top 2.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 26
Latest updateMay 3
Description
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.
CVSS vector
AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4
Affected Packages4 packages
Also affects: Debian Linux 3.1, 4.0, Ubuntu Linux 5.10, 6.06, 6.10
🔴Vulnerability Details
2📋Vendor Advisories
3💬Community
8Bugzilla▶
CVE-2007-0775 Multiple Thunderbird flaws (CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007↗2007-03-01
Bugzilla▶
CVE-2007-0775 Multiple Thunderbird flaws (CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007↗2007-03-01