[Forgot Password]
Login  Register Subscribe

24003

 
 

131401

 
 

103942

 
 

909

 
 

84051

 
 

133

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2007-0008Date: (C)2007-02-26   (M)2018-02-19


Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 6.8
Exploit Score: Exploit Score: 8.6
Impact Score: Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: MEDIUM
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: PARTIAL
Scope: Integrity: PARTIAL
Confidentiality: Availability: PARTIAL
Integrity:  
Availability:  
  
Reference:
SECTRACK-1017696
SUNALERT-102856
SUNALERT-102945
20070202-01-P
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482
http://www.securityfocus.com/archive/1/archive/1/461336/100/0/threaded
20070301-01-P
http://www.securityfocus.com/archive/1/archive/1/461809/100/0/threaded
BID-22694
SECUNIA-24205
SECUNIA-24238
SECUNIA-24252
SECUNIA-24253
SECUNIA-24277
SECUNIA-24287
SECUNIA-24290
SECUNIA-24293
SECUNIA-24320
SECUNIA-24328
SECUNIA-24333
SECUNIA-24342
SECUNIA-24343
SECUNIA-24384
SECUNIA-24389
SECUNIA-24395
SECUNIA-24406
SECUNIA-24410
SECUNIA-24455
SECUNIA-24456
SECUNIA-24457
SECUNIA-24522
SECUNIA-24562
SECUNIA-24650
SECUNIA-24703
SECUNIA-25588
SECUNIA-25597
OSVDB-32105
BID-64758
ADV-2007-0718
ADV-2007-0719
ADV-2007-1165
ADV-2007-2141
DSA-1336
FEDORA-2007-278
FEDORA-2007-279
FEDORA-2007-281
FEDORA-2007-293
FEDORA-2007-308
FEDORA-2007-309
GLSA-200703-18
GLSA-200703-22
HPSBUX02153
MDKSA-2007:050
MDKSA-2007:052
RHSA-2007:0077
RHSA-2007:0078
RHSA-2007:0079
RHSA-2007:0097
RHSA-2007:0108
SSA:2007-066-03
SSA:2007-066-04
SSA:2007-066-05
SSRT061181
SUSE-SA:2007:019
SUSE-SA:2007:022
USN-428-1
USN-431-1
VU#377812
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
https://bugzilla.mozilla.org/show_bug.cgi?id=364319
https://issues.rpath.com/browse/RPL-1081
https://issues.rpath.com/browse/RPL-1103
nss-mastersecret-bo(32666)

CPE    86
cpe:/a:mozilla:thunderbird:0.7.3
cpe:/a:mozilla:thunderbird:0.7.2
cpe:/a:mozilla:thunderbird:0.7.1
cpe:/a:mozilla:thunderbird:0.1
...
CWE    1
CWE-189

© 2013 SecPod Technologies