CVE-2007-0777 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2007-0777?

CVE-2007-0777 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-0777?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird, Canonical Ubuntu Linux.

Vulnerability Description

The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	>= 1.5, < 1.5.0.10
Mozilla	Seamonkey	< 1.0.8
Mozilla	Thunderbird	< 1.5.0.10
Canonical	Ubuntu Linux	5.10

Related Weaknesses (CWE)

CWE-119

References

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.ascBroken Link
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.ascBroken Link
http://fedoranews.org/cms/node/2713Broken Link
http://fedoranews.org/cms/node/2728Broken Link
http://fedoranews.org/cms/node/2747Broken Link
http://fedoranews.org/cms/node/2749Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742Broken Link
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.htmlBroken Link
http://rhn.redhat.com/errata/RHSA-2007-0077.htmlThird Party Advisory
http://secunia.com/advisories/24205Third Party Advisory
http://secunia.com/advisories/24238Third Party Advisory
http://secunia.com/advisories/24252Third Party Advisory
http://secunia.com/advisories/24287Third Party Advisory
http://secunia.com/advisories/24290Third Party Advisory
http://secunia.com/advisories/24293Third Party Advisory

FAQ

What is CVE-2007-0777?

CVE-2007-0777 is a vulnerability with a CVSS score of 9.3 (HIGH). The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) an...

How severe is CVE-2007-0777?

CVE-2007-0777 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-0777?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird, Canonical Ubuntu Linux.