CVE-2007-2867

Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://fedoranews.org/cms/node/2747
http://fedoranews.org/cms/node/2749
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
http://osvdb.org/35134
http://secunia.com/advisories/24406
http://secunia.com/advisories/24456
http://secunia.com/advisories/25469
http://secunia.com/advisories/25476
http://secunia.com/advisories/25488
http://secunia.com/advisories/25489
http://secunia.com/advisories/25490
http://secunia.com/advisories/25491
http://secunia.com/advisories/25492
http://secunia.com/advisories/25496
http://secunia.com/advisories/25533
http://secunia.com/advisories/25534
http://secunia.com/advisories/25559
http://secunia.com/advisories/25635
http://secunia.com/advisories/25644
http://secunia.com/advisories/25647
http://secunia.com/advisories/25664
http://secunia.com/advisories/25685
http://secunia.com/advisories/25750
http://secunia.com/advisories/25858
http://secunia.com/advisories/27423
http://secunia.com/advisories/28363
http://security.gentoo.org/glsa/glsa-200706-06.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103136-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201532-1
http://www.debian.org/security/2007/dsa-1300
http://www.debian.org/security/2007/dsa-1305
http://www.debian.org/security/2007/dsa-1306
http://www.debian.org/security/2007/dsa-1308
http://www.kb.cert.org/vuls/id/751636	US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2007:119
http://www.mandriva.com/security/advisories?name=MDKSA-2007:120
http://www.mandriva.com/security/advisories?name=MDKSA-2007:126
http://www.mandriva.com/security/advisories?name=MDKSA-2007:131
http://www.mozilla.org/security/announce/2007/mfsa2007-12.html	Patch
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
http://www.redhat.com/support/errata/RHSA-2007-0400.html
http://www.redhat.com/support/errata/RHSA-2007-0401.html
http://www.redhat.com/support/errata/RHSA-2007-0402.html
http://www.securityfocus.com/archive/1/470172/100/200/threaded
http://www.securityfocus.com/archive/1/471842/100/0/threaded
http://www.securityfocus.com/bid/24242
http://www.securitytracker.com/id?1018151
http://www.securitytracker.com/id?1018153
http://www.ubuntu.com/usn/usn-468-1
http://www.ubuntu.com/usn/usn-469-1
http://www.us-cert.gov/cas/techalerts/TA07-151A.html	US Government Resource
http://www.vupen.com/english/advisories/2007/1994
http://www.vupen.com/english/advisories/2007/3664
http://www.vupen.com/english/advisories/2008/0082
https://exchange.xforce.ibmcloud.com/vulnerabilities/34604
https://issues.rpath.com/browse/RPL-1424
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10066

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox:1.5:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.5:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.8:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.9:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.10:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.11:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.1:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.2:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.3:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.4:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.5:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.6:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.7:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.8:::::::*
	cpe:2.3:a:mozilla:firefox:2.0:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.3:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.4:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.9:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.2:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.0.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.0.2:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.0.3:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.0.4:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.0.6:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.0.7:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.0.8:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.0.9:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.0.10:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.0.11:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.2:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.0:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.2:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.3:::::::*

History

No history.

Information

Published : 2007-06-01 00:30

Updated : 2024-02-04 17:13

NVD link : CVE-2007-2867

Mitre link : CVE-2007-2867

CVE.ORG link : CVE-2007-2867

JSON object : View

Products Affected

mozilla

firefox
seamonkey
thunderbird

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

9.3 /10