Home > Vulnerability Database > CVE-2007-0008

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2007-0008

Date: February 26, 2007

Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.

Severity Score

5.6

Related Resources (78)

Url: http://secunia.com/advisories/24290

Url: http://www.securityfocus.com/archive/1/461809/100/0/threaded

Url: http://fedoranews.org/cms/node/2747

Url: http://secunia.com/advisories/24293

Url: http://fedoranews.org/cms/node/2749

Url: https://issues.rpath.com/browse/RPL-1081

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-0008

Url: http://fedoranews.org/cms/node/2709

Url: http://secunia.com/advisories/24328

Url: http://www.osvdb.org/32105

Url: http://secunia.com/advisories/24205

Url: http://www.securityfocus.com/bid/64758

Url: http://secunia.com/advisories/24406

Url: http://www.novell.com/linux/security/advisories/2007_22_mozilla.html

Url: http://secunia.com/advisories/24562

Url: http://secunia.com/advisories/24320

Url: http://secunia.com/advisories/24287

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947

Url: http://www.ubuntu.com/usn/usn-428-1

Url: http://secunia.com/advisories/24522

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/32666

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

Url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Url: http://www.securityfocus.com/archive/1/461336/100/0/threaded

Url: http://www.ubuntu.com/usn/usn-431-1

Url: ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

Url: http://www.vupen.com/english/advisories/2007/2141

Url: http://www.debian.org/security/2007/dsa-1336

Url: http://www.redhat.com/support/errata/RHSA-2007-0078.html

Url: http://secunia.com/advisories/24457

Url: http://secunia.com/advisories/24253

Url: http://www.vupen.com/english/advisories/2007/0718

Url: http://secunia.com/advisories/24650

Url: http://www.vupen.com/english/advisories/2007/0719

Url: http://www.redhat.com/support/errata/RHSA-2007-0097.html

Url: http://secunia.com/advisories/24252

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=364319

Url: http://secunia.com/advisories/25588

Url: http://secunia.com/advisories/24455

Url: https://access.redhat.com/security/cve/CVE-2007-0008

Url: http://secunia.com/advisories/24456

Url: http://secunia.com/advisories/24410

Url: http://secunia.com/advisories/24333

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2007-0008

Url: http://www.securitytracker.com/id?1017696

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1

Url: http://www.securityfocus.com/bid/22694

Url: http://fedoranews.org/cms/node/2728

Url: https://issues.rpath.com/browse/RPL-1103

Url: http://www.vupen.com/english/advisories/2007/1165

Url: ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc

Url: http://security.gentoo.org/glsa/glsa-200703-18.xml

Url: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482

Url: http://secunia.com/advisories/24703

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

Url: http://www.kb.cert.org/vuls/id/377812

Url: http://secunia.com/advisories/24342

Url: http://www.redhat.com/support/errata/RHSA-2007-0079.html

Url: http://secunia.com/advisories/24384

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:052

Url: http://secunia.com/advisories/24389

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:050

Url: http://secunia.com/advisories/25597

Url: http://secunia.com/advisories/24343

Url: http://fedoranews.org/cms/node/2711

Url: http://fedoranews.org/cms/node/2713

Url: http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

Url: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Url: http://secunia.com/advisories/24238

Url: http://rhn.redhat.com/errata/RHSA-2007-0077.html

Url: http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml

Url: http://www.redhat.com/support/errata/RHSA-2007-0108.html

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10502

Url: http://secunia.com/advisories/24395

Url: http://www.mozilla.org/security/announce/2007/mfsa2007-06.html

Url: http://secunia.com/advisories/24277

Url: https://www.mend.io/vulnerability-database/CVE-2007-0008

Severity Score

5.6

Weakness Type (CWE)

Numeric Errors

CWE-189

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us