CVE-2007-0776

HIGH

Description

Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.

References

http://fedoranews.org/cms/node/2713

http://fedoranews.org/cms/node/2728

http://fedoranews.org/cms/node/2747

http://fedoranews.org/cms/node/2749

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

http://secunia.com/advisories/24205

http://secunia.com/advisories/24238

http://secunia.com/advisories/24252

http://secunia.com/advisories/24293

http://secunia.com/advisories/24320

http://secunia.com/advisories/24328

http://secunia.com/advisories/24333

http://secunia.com/advisories/24384

http://secunia.com/advisories/24389

http://secunia.com/advisories/24393

http://secunia.com/advisories/24406

http://secunia.com/advisories/24410

http://secunia.com/advisories/24437

http://secunia.com/advisories/24455

http://secunia.com/advisories/24456

http://secunia.com/advisories/24457

http://secunia.com/advisories/24522

http://security.gentoo.org/glsa/glsa-200703-04.xml

http://security.gentoo.org/glsa/glsa-200703-18.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml

http://www.kb.cert.org/vuls/id/551436

http://www.mandriva.com/security/advisories?name=MDKSA-2007:052

http://www.mozilla.org/security/announce/2007/mfsa2007-01.html

http://www.novell.com/linux/security/advisories/2007_22_mozilla.html

http://www.osvdb.org/32113

http://www.securityfocus.com/archive/1/461336/100/0/threaded

http://www.securityfocus.com/archive/1/461809/100/0/threaded

http://www.securityfocus.com/bid/22694

http://www.securitytracker.com/id?1017698

http://www.ubuntu.com/usn/usn-428-1

http://www.ubuntu.com/usn/usn-431-1

http://www.vupen.com/english/advisories/2007/0718

http://www.vupen.com/english/advisories/2007/0719

http://www.vupen.com/english/advisories/2008/0083

https://bugzilla.mozilla.org/show_bug.cgi?id=360645

https://exchange.xforce.ibmcloud.com/vulnerabilities/32698

https://issues.rpath.com/browse/RPL-1081

Details

Source: MITRE

Published: 2007-02-26

Updated: 2018-10-16

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins

View all (32 total)

ID	Name	Product	Family	Severity
29359	SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 2683)	Nessus	SuSE Local Security Checks	high
28025	Ubuntu 5.10 / 6.06 LTS / 6.10 : mozilla-thunderbird vulnerabilities (USN-431-1)	Nessus	Ubuntu Local Security Checks	high
28022	Ubuntu 6.06 LTS : firefox regression (USN-428-2)	Nessus	Ubuntu Local Security Checks	high
28021	Ubuntu 5.10 / 6.06 LTS / 6.10 : firefox vulnerabilities (USN-428-1)	Nessus	Ubuntu Local Security Checks	high
27440	openSUSE 10 Security Update : seamonkey (seamonkey-2811)	Nessus	SuSE Local Security Checks	high
27439	openSUSE 10 Security Update : seamonkey (seamonkey-2691)	Nessus	SuSE Local Security Checks	high
27129	openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-2734)	Nessus	SuSE Local Security Checks	high
27119	openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2699)	Nessus	SuSE Local Security Checks	high
27118	openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2647)	Nessus	SuSE Local Security Checks	high
24867	GLSA-200703-18 : Mozilla Thunderbird: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
24800	GLSA-200703-08 : SeaMonkey: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
24791	Slackware 11.0 : seamonkey (SSA:2007-066-05)	Nessus	Slackware Local Security Checks	high
24790	Slackware 10.2 / 11.0 : mozilla-thunderbird (SSA:2007-066-04)	Nessus	Slackware Local Security Checks	high
24789	Slackware 10.2 / 11.0 : mozilla-firefox (SSA:2007-066-03)	Nessus	Slackware Local Security Checks	high
3942	LedgerSMB / SQL-Ledger Authentication Bypass	Nessus Network Monitor	Web Servers	medium
24778	Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2007:052)	Nessus	Mandriva Local Security Checks	high
24771	GLSA-200703-04 : Mozilla Firefox: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
24769	Fedora Core 5 : thunderbird-1.5.0.10-1.fc5 (2007-309)	Nessus	Fedora Local Security Checks	high
24768	Fedora Core 6 : thunderbird-1.5.0.10-1.fc6 (2007-308)	Nessus	Fedora Local Security Checks	high
24753	Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2007:050-1)	Nessus	Mandriva Local Security Checks	high
24748	Mozilla Thunderbird < 1.5.0.10 Multiple Vulnerabilities	Nessus	Windows	high
3931	Mozilla Thunderbird < 1.5.0.10 Multiple Vulnerabilities (deprecated)	Nessus Network Monitor	SMTP Clients	medium
24735	SeaMonkey < 1.0.8 Multiple Vulnerabilities	Nessus	Windows	high
24729	Fedora Core 6 : devhelp-0.12-10.fc6 / epiphany-2.16.3-2.fc6 / firefox-1.5.0.10-1.fc6 / etc (2007-293)	Nessus	Fedora Local Security Checks	high
3927	SeaMonkey < 1.0.8 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
24716	Fedora Core 5 : firefox-1.5.0.10-1.fc5 (2007-281)	Nessus	Fedora Local Security Checks	high
24705	FreeBSD : mozilla -- multiple vulnerabilities (12bd6ecf-c430-11db-95c5-000c6ec775d9)	Nessus	FreeBSD Local Security Checks	high
3922	Mozilla Firefox < 1.5.0.10 / 2.0.0.2 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
24701	Firefox < 1.5.0.10 / 2.0.0.2 Multiple Vulnerabilities	Nessus	Windows	high
801328	Mozilla Thunderbird < 1.5.0.10 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
800879	SeaMonkey < 1.0.8 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
800760	Firefox < 1.5.0.10 / 2.0.0.2 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high