CVE-2007-0775LOW
Description
Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors.
References
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
http://fedoranews.org/cms/node/2713
http://fedoranews.org/cms/node/2728
http://fedoranews.org/cms/node/2747
http://fedoranews.org/cms/node/2749
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
http://rhn.redhat.com/errata/RHSA-2007-0077.html
http://secunia.com/advisories/24205
http://secunia.com/advisories/24238
http://secunia.com/advisories/24252
http://secunia.com/advisories/24287
http://secunia.com/advisories/24290
http://secunia.com/advisories/24293
http://secunia.com/advisories/24320
http://secunia.com/advisories/24328
http://secunia.com/advisories/24333
http://secunia.com/advisories/24342
http://secunia.com/advisories/24343
http://secunia.com/advisories/24384
http://secunia.com/advisories/24389
http://secunia.com/advisories/24393
http://secunia.com/advisories/24395
http://secunia.com/advisories/24406
http://secunia.com/advisories/24410
http://secunia.com/advisories/24437
http://secunia.com/advisories/24455
http://secunia.com/advisories/24456
http://secunia.com/advisories/24457
http://secunia.com/advisories/24522
http://secunia.com/advisories/24650
http://secunia.com/advisories/25588
http://security.gentoo.org/glsa/glsa-200703-04.xml
http://security.gentoo.org/glsa/glsa-200703-18.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
http://www.debian.org/security/2007/dsa-1336
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
http://www.kb.cert.org/vuls/id/761756
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
http://www.mandriva.com/security/advisories?name=MDKSA-2007:052
http://www.mozilla.org/security/announce/2007/mfsa2007-01.html
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
http://www.redhat.com/support/errata/RHSA-2007-0078.html
http://www.redhat.com/support/errata/RHSA-2007-0079.html
http://www.redhat.com/support/errata/RHSA-2007-0097.html
http://www.redhat.com/support/errata/RHSA-2007-0108.html
http://www.securityfocus.com/archive/1/461336/100/0/threaded
http://www.securityfocus.com/archive/1/461809/100/0/threaded
http://www.securityfocus.com/bid/22694
http://www.securitytracker.com/id?1017698
http://www.ubuntu.com/usn/usn-428-1
http://www.ubuntu.com/usn/usn-431-1
http://www.vupen.com/english/advisories/2007/0718
http://www.vupen.com/english/advisories/2007/0719
http://www.vupen.com/english/advisories/2008/0083
https://exchange.xforce.ibmcloud.com/vulnerabilities/32704
https://issues.rpath.com/browse/RPL-1081
https://issues.rpath.com/browse/RPL-1103
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10012
Details
Source: MITRE
Published: 2007-02-26
Updated: 2018-10-16
Type: NVD-CWE-noinfo
Risk Information
CVSS v2.0
Base Score: 3.7
Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 1.9
Severity: LOW
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 67455 | Oracle Linux 4 : Firefox (ELSA-2007-0079) | Nessus | Oracle Linux Local Security Checks | high |
| 67454 | Oracle Linux 4 : thunderbird (ELSA-2007-0078) | Nessus | Oracle Linux Local Security Checks | high |
| 67453 | Oracle Linux 3 / 4 : seamonkey (ELSA-2007-0077) | Nessus | Oracle Linux Local Security Checks | high |
| 67452 | Oracle Linux 4 : seamonkey (ELSA-2007-0077-2) | Nessus | Oracle Linux Local Security Checks | high |
| 63841 | RHEL 5 : thunderbird (RHSA-2007:0108) | Nessus | Red Hat Local Security Checks | high |
| 29359 | SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 2683) | Nessus | SuSE Local Security Checks | high |
| 28025 | Ubuntu 5.10 / 6.06 LTS / 6.10 : mozilla-thunderbird vulnerabilities (USN-431-1) | Nessus | Ubuntu Local Security Checks | high |
| 28022 | Ubuntu 6.06 LTS : firefox regression (USN-428-2) | Nessus | Ubuntu Local Security Checks | high |
| 28021 | Ubuntu 5.10 / 6.06 LTS / 6.10 : firefox vulnerabilities (USN-428-1) | Nessus | Ubuntu Local Security Checks | high |
| 27440 | openSUSE 10 Security Update : seamonkey (seamonkey-2811) | Nessus | SuSE Local Security Checks | high |
| 27439 | openSUSE 10 Security Update : seamonkey (seamonkey-2691) | Nessus | SuSE Local Security Checks | high |
| 27129 | openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-2734) | Nessus | SuSE Local Security Checks | high |
| 27119 | openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2699) | Nessus | SuSE Local Security Checks | high |
| 27118 | openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2647) | Nessus | SuSE Local Security Checks | high |
| 25779 | Debian DSA-1336-1 : mozilla-firefox - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 25318 | RHEL 5 : firefox (RHSA-2007:0097) | Nessus | Red Hat Local Security Checks | high |
| 24867 | GLSA-200703-18 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 3942 | LedgerSMB / SQL-Ledger Authentication Bypass | Nessus Network Monitor | Web Servers | medium |
| 24800 | GLSA-200703-08 : SeaMonkey: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 24791 | Slackware 11.0 : seamonkey (SSA:2007-066-05) | Nessus | Slackware Local Security Checks | high |
| 24790 | Slackware 10.2 / 11.0 : mozilla-thunderbird (SSA:2007-066-04) | Nessus | Slackware Local Security Checks | high |
| 24789 | Slackware 10.2 / 11.0 : mozilla-firefox (SSA:2007-066-03) | Nessus | Slackware Local Security Checks | high |
| 24778 | Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2007:052) | Nessus | Mandriva Local Security Checks | high |
| 24774 | RHEL 4 : thunderbird (RHSA-2007:0078) | Nessus | Red Hat Local Security Checks | high |
| 24771 | GLSA-200703-04 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 24769 | Fedora Core 5 : thunderbird-1.5.0.10-1.fc5 (2007-309) | Nessus | Fedora Local Security Checks | high |
| 24768 | Fedora Core 6 : thunderbird-1.5.0.10-1.fc6 (2007-308) | Nessus | Fedora Local Security Checks | high |
| 24763 | CentOS 4 : thunderbird (CESA-2007:0078) | Nessus | CentOS Local Security Checks | high |
| 3931 | Mozilla Thunderbird < 1.5.0.10 Multiple Vulnerabilities (deprecated) | Nessus Network Monitor | SMTP Clients | medium |
| 24753 | Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2007:050-1) | Nessus | Mandriva Local Security Checks | high |
| 24748 | Mozilla Thunderbird < 1.5.0.10 Multiple Vulnerabilities | Nessus | Windows | high |
| 3927 | SeaMonkey < 1.0.8 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 24735 | SeaMonkey < 1.0.8 Multiple Vulnerabilities | Nessus | Windows | high |
| 24729 | Fedora Core 6 : devhelp-0.12-10.fc6 / epiphany-2.16.3-2.fc6 / firefox-1.5.0.10-1.fc6 / etc (2007-293) | Nessus | Fedora Local Security Checks | high |
| 24716 | Fedora Core 5 : firefox-1.5.0.10-1.fc5 (2007-281) | Nessus | Fedora Local Security Checks | high |
| 3922 | Mozilla Firefox < 1.5.0.10 / 2.0.0.2 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 24708 | RHEL 4 : Firefox (RHSA-2007:0079) | Nessus | Red Hat Local Security Checks | high |
| 24707 | RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2007:0077) | Nessus | Red Hat Local Security Checks | high |
| 24705 | FreeBSD : mozilla -- multiple vulnerabilities (12bd6ecf-c430-11db-95c5-000c6ec775d9) | Nessus | FreeBSD Local Security Checks | high |
| 24704 | CentOS 4 : firefox (CESA-2007:0079) | Nessus | CentOS Local Security Checks | high |
| 24703 | CentOS 3 / 4 : seamonkey (CESA-2007:0077) | Nessus | CentOS Local Security Checks | high |
| 24701 | Firefox < 1.5.0.10 / 2.0.0.2 Multiple Vulnerabilities | Nessus | Windows | high |
| 800879 | SeaMonkey < 1.0.8 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 800760 | Firefox < 1.5.0.10 / 2.0.0.2 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |