Home > Vulnerability Database > CVE-2007-0009

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2007-0009

Date: February 26, 2007

Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.

Severity Score

5.6

Related Resources (70)

Url: http://secunia.com/advisories/24290

Url: http://www.securityfocus.com/archive/1/461809/100/0/threaded

Url: http://fedoranews.org/cms/node/2747

Url: http://secunia.com/advisories/24293

Url: http://fedoranews.org/cms/node/2749

Url: https://issues.rpath.com/browse/RPL-1081

Url: http://fedoranews.org/cms/node/2709

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-0009

Url: http://www.osvdb.org/32106

Url: http://www.securityfocus.com/bid/64758

Url: http://secunia.com/advisories/24406

Url: http://www.novell.com/linux/security/advisories/2007_22_mozilla.html

Url: http://secunia.com/advisories/24562

Url: http://secunia.com/advisories/24287

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/32663

Url: http://www.ubuntu.com/usn/usn-428-1

Url: http://secunia.com/advisories/24522

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

Url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Url: http://www.securityfocus.com/archive/1/461336/100/0/threaded

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=364323

Url: http://www.ubuntu.com/usn/usn-431-1

Url: ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

Url: http://www.vupen.com/english/advisories/2007/2141

Url: http://www.debian.org/security/2007/dsa-1336

Url: http://www.redhat.com/support/errata/RHSA-2007-0078.html

Url: http://secunia.com/advisories/24457

Url: http://secunia.com/advisories/24253

Url: http://www.vupen.com/english/advisories/2007/0718

Url: http://secunia.com/advisories/24650

Url: http://www.vupen.com/english/advisories/2007/0719

Url: http://www.redhat.com/support/errata/RHSA-2007-0097.html

Url: http://secunia.com/advisories/25588

Url: http://secunia.com/advisories/24455

Url: http://secunia.com/advisories/24456

Url: https://access.redhat.com/security/cve/CVE-2007-0009

Url: http://secunia.com/advisories/24410

Url: http://secunia.com/advisories/24333

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2007-0009

Url: http://www.securitytracker.com/id?1017696

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1

Url: https://issues.rpath.com/browse/RPL-1103

Url: http://www.vupen.com/english/advisories/2007/1165

Url: ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc

Url: http://security.gentoo.org/glsa/glsa-200703-18.xml

Url: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483

Url: http://secunia.com/advisories/24703

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

Url: http://secunia.com/advisories/24342

Url: http://www.redhat.com/support/errata/RHSA-2007-0079.html

Url: http://secunia.com/advisories/24384

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:052

Url: http://secunia.com/advisories/24389

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:050

Url: http://secunia.com/advisories/25597

Url: http://secunia.com/advisories/24343

Url: http://fedoranews.org/cms/node/2711

Url: http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

Url: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Url: http://rhn.redhat.com/errata/RHSA-2007-0077.html

Url: http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml

Url: http://www.redhat.com/support/errata/RHSA-2007-0108.html

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1

Url: http://secunia.com/advisories/24395

Url: http://www.kb.cert.org/vuls/id/592796

Url: http://www.mozilla.org/security/announce/2007/mfsa2007-06.html

Url: http://secunia.com/advisories/24277

Url: https://www.mend.io/vulnerability-database/CVE-2007-0009

Severity Score

5.6

Weakness Type (CWE)

Buffer Errors

CWE-119

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us