CVE-2007-0777

HIGH

Description

The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.

References

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc

http://fedoranews.org/cms/node/2713

http://fedoranews.org/cms/node/2728

http://fedoranews.org/cms/node/2747

http://fedoranews.org/cms/node/2749

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

http://rhn.redhat.com/errata/RHSA-2007-0077.html

http://secunia.com/advisories/24205

http://secunia.com/advisories/24238

http://secunia.com/advisories/24252

http://secunia.com/advisories/24287

http://secunia.com/advisories/24290

http://secunia.com/advisories/24293

http://secunia.com/advisories/24320

http://secunia.com/advisories/24328

http://secunia.com/advisories/24333

http://secunia.com/advisories/24342

http://secunia.com/advisories/24343

http://secunia.com/advisories/24384

http://secunia.com/advisories/24389

http://secunia.com/advisories/24393

http://secunia.com/advisories/24395

http://secunia.com/advisories/24406

http://secunia.com/advisories/24410

http://secunia.com/advisories/24437

http://secunia.com/advisories/24455

http://secunia.com/advisories/24456

http://secunia.com/advisories/24457

http://secunia.com/advisories/24522

http://secunia.com/advisories/24650

http://security.gentoo.org/glsa/glsa-200703-04.xml

http://security.gentoo.org/glsa/glsa-200703-18.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml

http://www.kb.cert.org/vuls/id/269484

http://www.mandriva.com/security/advisories?name=MDKSA-2007:050

http://www.mandriva.com/security/advisories?name=MDKSA-2007:052

http://www.mozilla.org/security/announce/2007/mfsa2007-01.html

http://www.novell.com/linux/security/advisories/2007_22_mozilla.html

http://www.osvdb.org/32115

http://www.redhat.com/support/errata/RHSA-2007-0078.html

http://www.redhat.com/support/errata/RHSA-2007-0079.html

http://www.redhat.com/support/errata/RHSA-2007-0097.html

http://www.redhat.com/support/errata/RHSA-2007-0108.html

http://www.securityfocus.com/archive/1/461336/100/0/threaded

http://www.securityfocus.com/archive/1/461809/100/0/threaded

http://www.securityfocus.com/bid/22694

http://www.securitytracker.com/id?1017698

http://www.ubuntu.com/usn/usn-428-1

http://www.ubuntu.com/usn/usn-431-1

http://www.vupen.com/english/advisories/2007/0718

http://www.vupen.com/english/advisories/2007/0719

http://www.vupen.com/english/advisories/2008/0083

https://exchange.xforce.ibmcloud.com/vulnerabilities/32699

https://issues.rpath.com/browse/RPL-1081

https://issues.rpath.com/browse/RPL-1103

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11331

Details

Source: MITRE

Published: 2007-02-26

Updated: 2019-10-09

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins

View all (43 total)

IDNameProductFamilySeverity
67455Oracle Linux 4 : Firefox (ELSA-2007-0079)NessusOracle Linux Local Security Checks
high
67454Oracle Linux 4 : thunderbird (ELSA-2007-0078)NessusOracle Linux Local Security Checks
high
67453Oracle Linux 3 / 4 : seamonkey (ELSA-2007-0077)NessusOracle Linux Local Security Checks
high
67452Oracle Linux 4 : seamonkey (ELSA-2007-0077-2)NessusOracle Linux Local Security Checks
high
63841RHEL 5 : thunderbird (RHSA-2007:0108)NessusRed Hat Local Security Checks
high
29359SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 2683)NessusSuSE Local Security Checks
high
28025Ubuntu 5.10 / 6.06 LTS / 6.10 : mozilla-thunderbird vulnerabilities (USN-431-1)NessusUbuntu Local Security Checks
high
28022Ubuntu 6.06 LTS : firefox regression (USN-428-2)NessusUbuntu Local Security Checks
high
28021Ubuntu 5.10 / 6.06 LTS / 6.10 : firefox vulnerabilities (USN-428-1)NessusUbuntu Local Security Checks
high
27440openSUSE 10 Security Update : seamonkey (seamonkey-2811)NessusSuSE Local Security Checks
high
27439openSUSE 10 Security Update : seamonkey (seamonkey-2691)NessusSuSE Local Security Checks
high
27129openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-2734)NessusSuSE Local Security Checks
high
27119openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2699)NessusSuSE Local Security Checks
high
27118openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2647)NessusSuSE Local Security Checks
high
25318RHEL 5 : firefox (RHSA-2007:0097)NessusRed Hat Local Security Checks
high
24867GLSA-200703-18 : Mozilla Thunderbird: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
3942LedgerSMB / SQL-Ledger Authentication BypassNessus Network MonitorWeb Servers
medium
24800GLSA-200703-08 : SeaMonkey: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
24791Slackware 11.0 : seamonkey (SSA:2007-066-05)NessusSlackware Local Security Checks
high
24790Slackware 10.2 / 11.0 : mozilla-thunderbird (SSA:2007-066-04)NessusSlackware Local Security Checks
high
24789Slackware 10.2 / 11.0 : mozilla-firefox (SSA:2007-066-03)NessusSlackware Local Security Checks
high
24778Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2007:052)NessusMandriva Local Security Checks
high
24774RHEL 4 : thunderbird (RHSA-2007:0078)NessusRed Hat Local Security Checks
high
24771GLSA-200703-04 : Mozilla Firefox: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
24769Fedora Core 5 : thunderbird-1.5.0.10-1.fc5 (2007-309)NessusFedora Local Security Checks
high
24768Fedora Core 6 : thunderbird-1.5.0.10-1.fc6 (2007-308)NessusFedora Local Security Checks
high
24763CentOS 4 : thunderbird (CESA-2007:0078)NessusCentOS Local Security Checks
high
3931Mozilla Thunderbird < 1.5.0.10 Multiple Vulnerabilities (deprecated)Nessus Network MonitorSMTP Clients
medium
24753Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2007:050-1)NessusMandriva Local Security Checks
high
24748Mozilla Thunderbird < 1.5.0.10 Multiple VulnerabilitiesNessusWindows
high
3927SeaMonkey < 1.0.8 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
24735SeaMonkey < 1.0.8 Multiple VulnerabilitiesNessusWindows
high
24729Fedora Core 6 : devhelp-0.12-10.fc6 / epiphany-2.16.3-2.fc6 / firefox-1.5.0.10-1.fc6 / etc (2007-293)NessusFedora Local Security Checks
high
24716Fedora Core 5 : firefox-1.5.0.10-1.fc5 (2007-281)NessusFedora Local Security Checks
high
3922Mozilla Firefox < 1.5.0.10 / 2.0.0.2 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
24708RHEL 4 : Firefox (RHSA-2007:0079)NessusRed Hat Local Security Checks
high
24707RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2007:0077)NessusRed Hat Local Security Checks
high
24705FreeBSD : mozilla -- multiple vulnerabilities (12bd6ecf-c430-11db-95c5-000c6ec775d9)NessusFreeBSD Local Security Checks
high
24704CentOS 4 : firefox (CESA-2007:0079)NessusCentOS Local Security Checks
high
24703CentOS 3 / 4 : seamonkey (CESA-2007:0077)NessusCentOS Local Security Checks
high
24701Firefox < 1.5.0.10 / 2.0.0.2 Multiple VulnerabilitiesNessusWindows
high
800879SeaMonkey < 1.0.8 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
800760Firefox < 1.5.0.10 / 2.0.0.2 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high