CVE-2007-0009 - Vulnerability Details

Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Mozilla	Firefox Network Security Services Seamonkey Thunderbird
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:network_security_services::::::::
	cpe:2.3:a:mozilla:seamonkey::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:3.1:::::::*
	cpe:2.3:o:debian:debian_linux:4.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:5.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 2.1
seamonkey-0:1.0.8-0.2.el2	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2007:0077	2007-02-24T00:00:00Z
Red Hat Enterprise Linux 3
seamonkey-0:1.0.8-0.2.el3	cpe:/o:redhat:enterprise_linux:3	RHSA-2007:0077	2007-02-24T00:00:00Z
Red Hat Enterprise Linux 4
devhelp-0:0.10-0.7.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2007:0077	2007-02-24T00:00:00Z
seamonkey-0:1.0.8-0.2.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2007:0077	2007-02-24T00:00:00Z
thunderbird-0:1.5.0.10-0.1.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2007:0078	2007-03-02T00:00:00Z
firefox-0:1.5.0.10-0.1.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2007:0079	2007-02-23T00:00:00Z
Red Hat Enterprise Linux 5
devhelp-0:0.12-10.0.1.el5	cpe:/o:redhat:enterprise_linux:5	RHSA-2007:0097	2007-03-14T00:00:00Z
firefox-0:1.5.0.10-2.el5	cpe:/o:redhat:enterprise_linux:5	RHSA-2007:0097	2007-03-14T00:00:00Z
yelp-0:2.16.0-14.0.1.el5	cpe:/o:redhat:enterprise_linux:5	RHSA-2007:0097	2007-03-14T00:00:00Z
thunderbird-0:1.5.0.10-1.el5	cpe:/o:redhat:enterprise_linux:5	RHSA-2007:0108	2007-03-14T00:00:00Z

References

Link	Providers
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
http://fedoranews.org/cms/node/2709
http://fedoranews.org/cms/node/2711
http://fedoranews.org/cms/node/2747
http://fedoranews.org/cms/node/2749
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
http://rhn.redhat.com/errata/RHSA-2007-0077.html
http://secunia.com/advisories/24253
http://secunia.com/advisories/24277
http://secunia.com/advisories/24287
http://secunia.com/advisories/24290
http://secunia.com/advisories/24293
http://secunia.com/advisories/24333
http://secunia.com/advisories/24342
http://secunia.com/advisories/24343
http://secunia.com/advisories/24384
http://secunia.com/advisories/24389
http://secunia.com/advisories/24395
http://secunia.com/advisories/24406
http://secunia.com/advisories/24410
http://secunia.com/advisories/24455
http://secunia.com/advisories/24456
http://secunia.com/advisories/24457
http://secunia.com/advisories/24522
http://secunia.com/advisories/24562
http://secunia.com/advisories/24650
http://secunia.com/advisories/24703
http://secunia.com/advisories/25588
http://secunia.com/advisories/25597
http://security.gentoo.org/glsa/glsa-200703-18.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1
http://www.debian.org/security/2007/dsa-1336
http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml
http://www.kb.cert.org/vuls/id/592796
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
http://www.mandriva.com/security/advisories?name=MDKSA-2007:052
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://www.osvdb.org/32106
http://www.redhat.com/support/errata/RHSA-2007-0078.html
http://www.redhat.com/support/errata/RHSA-2007-0079.html
http://www.redhat.com/support/errata/RHSA-2007-0097.html
http://www.redhat.com/support/errata/RHSA-2007-0108.html
http://www.securityfocus.com/archive/1/461336/100/0/threaded
http://www.securityfocus.com/archive/1/461809/100/0/threaded
http://www.securityfocus.com/bid/64758
http://www.securitytracker.com/id?1017696
http://www.ubuntu.com/usn/usn-428-1
http://www.ubuntu.com/usn/usn-431-1
http://www.vupen.com/english/advisories/2007/0718
http://www.vupen.com/english/advisories/2007/0719
http://www.vupen.com/english/advisories/2007/1165
http://www.vupen.com/english/advisories/2007/2141
https://bugzilla.mozilla.org/show_bug.cgi?id=364323
https://exchange.xforce.ibmcloud.com/vulnerabilities/32663
https://issues.rpath.com/browse/RPL-1081
https://issues.rpath.com/browse/RPL-1103
https://nvd.nist.gov/vuln/detail/CVE-2007-0009
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174
https://www.cve.org/CVERecord?id=CVE-2007-0009

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2007-02-26T20:00:00

Updated: 2024-08-07T12:03:36.997Z

Reserved: 2006-12-19T00:00:00

Link: CVE-2007-0009

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-02-26T20:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-0009

Redhat

Severity : Moderate

Publid Date: 2007-02-01T00:00:00Z

Links: CVE-2007-0009 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-02-23T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid \"Client Master Key\" length values."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2007:0078", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"}, {"name": "24562", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24562"}, {"name": "25597", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25597"}, {"name": "GLSA-200703-22", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml"}, {"name": "FEDORA-2007-278", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://fedoranews.org/cms/node/2709"}, {"name": "24703", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24703"}, {"name": "24395", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24395"}, {"name": "20070223 Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483"}, {"name": "20070226 rPSA-2007-0040-1 firefox", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"}, {"name": "FEDORA-2007-308", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://fedoranews.org/cms/node/2747"}, {"name": "RHSA-2007:0108", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"}, {"name": "24277", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24277"}, {"name": "SSA:2007-066-03", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851"}, {"name": "24384", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24384"}, {"name": "24406", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24406"}, {"name": "24457", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24457"}, {"name": "24253", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24253"}, {"name": "MDKSA-2007:052", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:052"}, {"name": "24343", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24343"}, {"name": "DSA-1336", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1336"}, {"name": "VU#592796", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/592796"}, {"name": "HPSBUX02153", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "ADV-2007-1165", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1165"}, {"name": "1017696", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017696"}, {"name": "102945", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1"}, {"name": "ADV-2007-0718", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0718"}, {"name": "FEDORA-2007-279", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://fedoranews.org/cms/node/2711"}, {"name": "FEDORA-2007-309", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://fedoranews.org/cms/node/2749"}, {"name": "GLSA-200703-18", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200703-18.xml"}, {"name": "24650", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24650"}, {"name": "USN-428-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-428-1"}, {"name": "25588", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25588"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-1103"}, {"name": "SUSE-SA:2007:019", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"}, {"name": "20070303 rPSA-2007-0040-3 firefox thunderbird", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"}, {"name": "SUSE-SA:2007:022", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"}, {"name": "24293", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24293"}, {"name": "SSA:2007-066-04", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947"}, {"name": "24456", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24456"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-06.html"}, {"name": "24342", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24342"}, {"name": "24287", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24287"}, {"name": "24522", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24522"}, {"name": "102856", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=364323"}, {"name": "SSRT061181", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "ADV-2007-0719", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0719"}, {"name": "USN-431-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-431-1"}, {"name": "RHSA-2007:0097", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"}, {"name": "20070301-01-P", "tags": ["vendor-advisory", "x_refsource_SGI"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"}, {"name": "oval:org.mitre.oval:def:10174", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174"}, {"name": "24389", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24389"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-1081"}, {"name": "24410", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24410"}, {"name": "32106", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/32106"}, {"name": "24333", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24333"}, {"name": "nss-clientmasterkey-bo(32663)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32663"}, {"name": "ADV-2007-2141", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2141"}, {"name": "MDKSA-2007:050", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"}, {"name": "64758", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/64758"}, {"name": "24290", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24290"}, {"name": "24455", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24455"}, {"name": "RHSA-2007:0077", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"}, {"name": "20070202-01-P", "tags": ["vendor-advisory", "x_refsource_SGI"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"}, {"name": "SSA:2007-066-05", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131"}, {"name": "RHSA-2007:0079", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:03:36.997Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2007:0078", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"}, {"name": "24562", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24562"}, {"name": "25597", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25597"}, {"name": "GLSA-200703-22", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml"}, {"name": "FEDORA-2007-278", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://fedoranews.org/cms/node/2709"}, {"name": "24703", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24703"}, {"name": "24395", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24395"}, {"name": "20070223 Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483"}, {"name": "20070226 rPSA-2007-0040-1 firefox", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"}, {"name": "FEDORA-2007-308", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://fedoranews.org/cms/node/2747"}, {"name": "RHSA-2007:0108", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"}, {"name": "24277", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24277"}, {"name": "SSA:2007-066-03", "tags": ["vendor-advisory", "x_refsource_SLACKWARE", "x_transferred"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851"}, {"name": "24384", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24384"}, {"name": "24406", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24406"}, {"name": "24457", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24457"}, {"name": "24253", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24253"}, {"name": "MDKSA-2007:052", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:052"}, {"name": "24343", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24343"}, {"name": "DSA-1336", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2007/dsa-1336"}, {"name": "VU#592796", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/592796"}, {"name": "HPSBUX02153", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "ADV-2007-1165", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1165"}, {"name": "1017696", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1017696"}, {"name": "102945", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1"}, {"name": "ADV-2007-0718", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0718"}, {"name": "FEDORA-2007-279", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://fedoranews.org/cms/node/2711"}, {"name": "FEDORA-2007-309", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://fedoranews.org/cms/node/2749"}, {"name": "GLSA-200703-18", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200703-18.xml"}, {"name": "24650", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24650"}, {"name": "USN-428-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-428-1"}, {"name": "25588", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25588"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-1103"}, {"name": "SUSE-SA:2007:019", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"}, {"name": "20070303 rPSA-2007-0040-3 firefox thunderbird", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"}, {"name": "SUSE-SA:2007:022", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"}, {"name": "24293", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24293"}, {"name": "SSA:2007-066-04", "tags": ["vendor-advisory", "x_refsource_SLACKWARE", "x_transferred"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947"}, {"name": "24456", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24456"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-06.html"}, {"name": "24342", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24342"}, {"name": "24287", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24287"}, {"name": "24522", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24522"}, {"name": "102856", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=364323"}, {"name": "SSRT061181", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "ADV-2007-0719", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0719"}, {"name": "USN-431-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-431-1"}, {"name": "RHSA-2007:0097", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"}, {"name": "20070301-01-P", "tags": ["vendor-advisory", "x_refsource_SGI", "x_transferred"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"}, {"name": "oval:org.mitre.oval:def:10174", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174"}, {"name": "24389", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24389"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-1081"}, {"name": "24410", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24410"}, {"name": "32106", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/32106"}, {"name": "24333", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24333"}, {"name": "nss-clientmasterkey-bo(32663)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32663"}, {"name": "ADV-2007-2141", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2141"}, {"name": "MDKSA-2007:050", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"}, {"name": "64758", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/64758"}, {"name": "24290", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24290"}, {"name": "24455", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24455"}, {"name": "RHSA-2007:0077", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"}, {"name": "20070202-01-P", "tags": ["vendor-advisory", "x_refsource_SGI", "x_transferred"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"}, {"name": "SSA:2007-066-05", "tags": ["vendor-advisory", "x_refsource_SLACKWARE", "x_transferred"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131"}, {"name": "RHSA-2007:0079", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-0009", "datePublished": "2007-02-26T20:00:00", "dateReserved": "2006-12-19T00:00:00", "dateUpdated": "2024-08-07T12:03:36.997Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EDDD5B2-2356-4A1A-820F-60CF3B638910", "versionEndExcluding": "1.5.0.10", "versionStartIncluding": "1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BAFE9FF-65A4-487A-9D3A-844086DE5F27", "versionEndExcluding": "2.0.0.2", "versionStartIncluding": "2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "156B1F29-CBEE-475F-ADE0-92F805EA395C", "versionEndExcluding": "3.11.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5ECD99A-50D8-47FB-AEE9-D7A4F8F72B7C", "versionEndExcluding": "1.0.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "A187A85C-E699-4E41-8745-B76F83BE8CB0", "versionEndExcluding": "1.5.0.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*", "matchCriteriaId": "0FA3A32E-445A-4D39-A8D5-75F5370AD23D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*", "matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid \"Client Master Key\" length values."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el soporte SSLv2 en Mozilla Network Security Services (NSS) anterior a versi\u00f3n 3.11.5, tal y como es usado por Firefox anterior a versi\u00f3n 1.5.0.10 y versi\u00f3n 2.x anterior a 2.0.0.2, Thunderbird anterior a versi\u00f3n 1.5.0.10, SeaMonkey anterior a versi\u00f3n 1.0.8, y ciertos productos de servidor Sun Java System anterior al 20070611, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de valores de longitud \"Client Master Key\" no v\u00e1lidos."}], "id": "CVE-2007-0009", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-02-26T20:28:00.000", "references": [{"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://fedoranews.org/cms/node/2709"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://fedoranews.org/cms/node/2711"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://fedoranews.org/cms/node/2747"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://fedoranews.org/cms/node/2749"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24253"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24277"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24287"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24290"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24293"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24333"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24342"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24343"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24384"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24389"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24395"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24406"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24410"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24455"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24456"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24457"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24522"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24562"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24650"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24703"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/25588"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/25597"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200703-18.xml"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2007/dsa-1336"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/592796"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:052"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-06.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.osvdb.org/32106"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/64758"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1017696"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-428-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-431-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0718"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0719"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2007/1165"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2007/2141"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=364323"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32663"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "https://issues.rpath.com/browse/RPL-1081"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "https://issues.rpath.com/browse/RPL-1103"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://fedoranews.org/cms/node/2709"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://fedoranews.org/cms/node/2711"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://fedoranews.org/cms/node/2747"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://fedoranews.org/cms/node/2749"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24253"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24277"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24287"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24290"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24293"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24333"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24342"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24343"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24384"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24389"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24395"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24406"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24410"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24455"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24456"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24457"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24522"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24562"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24650"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24703"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/25588"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/25597"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200703-18.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2007/dsa-1336"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/592796"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:052"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-06.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.osvdb.org/32106"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/64758"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1017696"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-428-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-431-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0718"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0719"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2007/1165"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2007/2141"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=364323"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32663"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://issues.rpath.com/browse/RPL-1081"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://issues.rpath.com/browse/RPL-1103"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2007:0077", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "package": "seamonkey-0:1.0.8-0.2.el2", "product_name": "Red Hat Enterprise Linux 2.1", "release_date": "2007-02-24T00:00:00Z"}, {"advisory": "RHSA-2007:0077", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "seamonkey-0:1.0.8-0.2.el3", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2007-02-24T00:00:00Z"}, {"advisory": "RHSA-2007:0077", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "devhelp-0:0.10-0.7.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2007-02-24T00:00:00Z"}, {"advisory": "RHSA-2007:0077", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "seamonkey-0:1.0.8-0.2.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2007-02-24T00:00:00Z"}, {"advisory": "RHSA-2007:0078", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "thunderbird-0:1.5.0.10-0.1.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2007-03-02T00:00:00Z"}, {"advisory": "RHSA-2007:0079", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "firefox-0:1.5.0.10-0.1.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2007-02-23T00:00:00Z"}, {"advisory": "RHSA-2007:0097", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "devhelp-0:0.12-10.0.1.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2007-03-14T00:00:00Z"}, {"advisory": "RHSA-2007:0097", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "firefox-0:1.5.0.10-2.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2007-03-14T00:00:00Z"}, {"advisory": "RHSA-2007:0097", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "yelp-0:2.16.0-14.0.1.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2007-03-14T00:00:00Z"}, {"advisory": "RHSA-2007:0108", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "thunderbird-0:1.5.0.10-1.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2007-03-14T00:00:00Z"}], "bugzilla": {"description": "NSS: SSLv2 protocol buffer overflows", "id": "565576", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=565576"}, "csaw": false, "details": ["Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid \"Client Master Key\" length values."], "name": "CVE-2007-0009", "public_date": "2007-02-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2007-0009\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-0009"], "threat_severity": "Moderate"}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object