CVE-2007-0776

HIGH

Description

Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.

References

http://fedoranews.org/cms/node/2713

http://fedoranews.org/cms/node/2728

http://fedoranews.org/cms/node/2747

http://fedoranews.org/cms/node/2749

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

http://secunia.com/advisories/24205

http://secunia.com/advisories/24238

http://secunia.com/advisories/24252

http://secunia.com/advisories/24293

http://secunia.com/advisories/24320

http://secunia.com/advisories/24328

http://secunia.com/advisories/24333

http://secunia.com/advisories/24384

http://secunia.com/advisories/24389

http://secunia.com/advisories/24393

http://secunia.com/advisories/24406

http://secunia.com/advisories/24410

http://secunia.com/advisories/24437

http://secunia.com/advisories/24455

http://secunia.com/advisories/24456

http://secunia.com/advisories/24457

http://secunia.com/advisories/24522

http://security.gentoo.org/glsa/glsa-200703-04.xml

http://security.gentoo.org/glsa/glsa-200703-18.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml

http://www.kb.cert.org/vuls/id/551436

http://www.mandriva.com/security/advisories?name=MDKSA-2007:052

http://www.mozilla.org/security/announce/2007/mfsa2007-01.html

http://www.novell.com/linux/security/advisories/2007_22_mozilla.html

http://www.osvdb.org/32113

http://www.securityfocus.com/archive/1/461336/100/0/threaded

http://www.securityfocus.com/archive/1/461809/100/0/threaded

http://www.securityfocus.com/bid/22694

http://www.securitytracker.com/id?1017698

http://www.ubuntu.com/usn/usn-428-1

http://www.ubuntu.com/usn/usn-431-1

http://www.vupen.com/english/advisories/2007/0718

http://www.vupen.com/english/advisories/2007/0719

http://www.vupen.com/english/advisories/2008/0083

https://bugzilla.mozilla.org/show_bug.cgi?id=360645

https://exchange.xforce.ibmcloud.com/vulnerabilities/32698

https://issues.rpath.com/browse/RPL-1081

Details

Source: MITRE

Published: 2007-02-26

Updated: 2018-10-16

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 2.0.0.1 (inclusive)

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* versions up to 1.0.7 (inclusive)

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* versions up to 1.5.0.9 (inclusive)

Tenable Plugins

View all (26 total)

IDNameProductFamilySeverity
29359SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 2683)NessusSuSE Local Security Checks
high
28025Ubuntu 5.10 / 6.06 LTS / 6.10 : mozilla-thunderbird vulnerabilities (USN-431-1)NessusUbuntu Local Security Checks
high
28022Ubuntu 6.06 LTS : firefox regression (USN-428-2)NessusUbuntu Local Security Checks
high
28021Ubuntu 5.10 / 6.06 LTS / 6.10 : firefox vulnerabilities (USN-428-1)NessusUbuntu Local Security Checks
high
27440openSUSE 10 Security Update : seamonkey (seamonkey-2811)NessusSuSE Local Security Checks
high
27439openSUSE 10 Security Update : seamonkey (seamonkey-2691)NessusSuSE Local Security Checks
high
27129openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-2734)NessusSuSE Local Security Checks
high
27119openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2699)NessusSuSE Local Security Checks
high
27118openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2647)NessusSuSE Local Security Checks
high
24867GLSA-200703-18 : Mozilla Thunderbird: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
24800GLSA-200703-08 : SeaMonkey: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
24791Slackware 11.0 : seamonkey (SSA:2007-066-05)NessusSlackware Local Security Checks
high
24790Slackware 10.2 / 11.0 : mozilla-thunderbird (SSA:2007-066-04)NessusSlackware Local Security Checks
high
24789Slackware 10.2 / 11.0 : mozilla-firefox (SSA:2007-066-03)NessusSlackware Local Security Checks
high
24778Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2007:052)NessusMandriva Local Security Checks
high
24771GLSA-200703-04 : Mozilla Firefox: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
24769Fedora Core 5 : thunderbird-1.5.0.10-1.fc5 (2007-309)NessusFedora Local Security Checks
high
24768Fedora Core 6 : thunderbird-1.5.0.10-1.fc6 (2007-308)NessusFedora Local Security Checks
high
24753Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2007:050-1)NessusMandriva Local Security Checks
high
24748Mozilla Thunderbird < 1.5.0.10 Multiple VulnerabilitiesNessusWindows
high
24735SeaMonkey < 1.0.8 Multiple VulnerabilitiesNessusWindows
high
24729Fedora Core 6 : devhelp-0.12-10.fc6 / epiphany-2.16.3-2.fc6 / firefox-1.5.0.10-1.fc6 / etc (2007-293)NessusFedora Local Security Checks
high
24716Fedora Core 5 : firefox-1.5.0.10-1.fc5 (2007-281)NessusFedora Local Security Checks
high
24705FreeBSD : mozilla -- multiple vulnerabilities (12bd6ecf-c430-11db-95c5-000c6ec775d9)NessusFreeBSD Local Security Checks
high
24701Firefox < 1.5.0.10 / 2.0.0.2 Multiple VulnerabilitiesNessusWindows
high
800879SeaMonkey < 1.0.8 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high