CVE-2007-2868

HIGH

Description

Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption.

References

http://fedoranews.org/cms/node/2747

http://fedoranews.org/cms/node/2749

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579

http://osvdb.org/35138

http://secunia.com/advisories/24406

http://secunia.com/advisories/24456

http://secunia.com/advisories/25469

http://secunia.com/advisories/25476

http://secunia.com/advisories/25488

http://secunia.com/advisories/25489

http://secunia.com/advisories/25490

http://secunia.com/advisories/25491

http://secunia.com/advisories/25492

http://secunia.com/advisories/25496

http://secunia.com/advisories/25533

http://secunia.com/advisories/25534

http://secunia.com/advisories/25559

http://secunia.com/advisories/25635

http://secunia.com/advisories/25644

http://secunia.com/advisories/25647

http://secunia.com/advisories/25664

http://secunia.com/advisories/25685

http://secunia.com/advisories/25750

http://secunia.com/advisories/25858

http://secunia.com/advisories/27427

http://secunia.com/advisories/28363

http://security.gentoo.org/glsa/glsa-200706-06.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103125-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201505-1

http://www.debian.org/security/2007/dsa-1300

http://www.debian.org/security/2007/dsa-1305

http://www.debian.org/security/2007/dsa-1306

http://www.debian.org/security/2007/dsa-1308

http://www.kb.cert.org/vuls/id/609956

http://www.mandriva.com/security/advisories?name=MDKSA-2007:119

http://www.mandriva.com/security/advisories?name=MDKSA-2007:120

http://www.mandriva.com/security/advisories?name=MDKSA-2007:131

http://www.mozilla.org/security/announce/2007/mfsa2007-12.html

http://www.novell.com/linux/security/advisories/2007_36_mozilla.html

http://www.redhat.com/support/errata/RHSA-2007-0400.html

http://www.redhat.com/support/errata/RHSA-2007-0401.html

http://www.redhat.com/support/errata/RHSA-2007-0402.html

http://www.securityfocus.com/archive/1/470172/100/200/threaded

http://www.securityfocus.com/archive/1/471842/100/0/threaded

http://www.securityfocus.com/bid/24242

http://www.securitytracker.com/id?1018151

http://www.securitytracker.com/id?1018152

http://www.securitytracker.com/id?1018153

http://www.ubuntu.com/usn/usn-468-1

http://www.ubuntu.com/usn/usn-469-1

http://www.us-cert.gov/cas/techalerts/TA07-151A.html

http://www.vupen.com/english/advisories/2007/1994

http://www.vupen.com/english/advisories/2007/3632

http://www.vupen.com/english/advisories/2008/0082

https://exchange.xforce.ibmcloud.com/vulnerabilities/34605

https://issues.rpath.com/browse/RPL-1424

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10711

Details

Source: MITRE

Published: 2007-06-01

Updated: 2018-10-16

Type: CWE-94

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH