CVE-2007-0009 — MEDIUM (6.8)

Q: How severe is CVE-2007-0009?

CVE-2007-0009 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-0009?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Network Security Services, Mozilla Seamonkey, Mozilla Thunderbird, Debian Debian Linux.

Vulnerability Description

Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	>= 1.5, < 1.5.0.10
Mozilla	Network Security Services	< 3.11.5
Mozilla	Seamonkey	< 1.0.8
Mozilla	Thunderbird	< 1.5.0.10
Debian	Debian Linux	3.1
Canonical	Ubuntu Linux	5.10

Related Weaknesses (CWE)

CWE-119

References

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.ascBroken Link
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.ascBroken Link
http://fedoranews.org/cms/node/2709Broken Link
http://fedoranews.org/cms/node/2711Broken Link
http://fedoranews.org/cms/node/2747Broken Link
http://fedoranews.org/cms/node/2749Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742Broken Link
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483Broken Link
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.htmlBroken Link
http://rhn.redhat.com/errata/RHSA-2007-0077.htmlThird Party Advisory
http://secunia.com/advisories/24253Third Party Advisory
http://secunia.com/advisories/24277Third Party Advisory
http://secunia.com/advisories/24287Third Party Advisory
http://secunia.com/advisories/24290Third Party Advisory
http://secunia.com/advisories/24293Third Party Advisory

FAQ

What is CVE-2007-0009?

CVE-2007-0009 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMo...

How severe is CVE-2007-0009?

CVE-2007-0009 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-0009?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Network Security Services, Mozilla Seamonkey, Mozilla Thunderbird, Debian Debian Linux.