CVE-2007-0776

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-0776
Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://fedoranews.org/cms/node/2713
http://fedoranews.org/cms/node/2728
http://fedoranews.org/cms/node/2747
http://fedoranews.org/cms/node/2749
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
http://secunia.com/advisories/24205 Vendor Advisory
http://secunia.com/advisories/24238 Vendor Advisory
http://secunia.com/advisories/24252 Vendor Advisory
http://secunia.com/advisories/24293 Vendor Advisory
http://secunia.com/advisories/24320 Vendor Advisory
http://secunia.com/advisories/24328 Vendor Advisory
http://secunia.com/advisories/24333 Vendor Advisory
http://secunia.com/advisories/24384 Vendor Advisory
http://secunia.com/advisories/24389 Vendor Advisory
http://secunia.com/advisories/24393 Vendor Advisory
http://secunia.com/advisories/24406 Vendor Advisory
http://secunia.com/advisories/24410 Vendor Advisory
http://secunia.com/advisories/24437 Vendor Advisory
http://secunia.com/advisories/24455 Vendor Advisory
http://secunia.com/advisories/24456 Vendor Advisory
http://secunia.com/advisories/24457 Vendor Advisory
http://secunia.com/advisories/24522 Vendor Advisory
http://security.gentoo.org/glsa/glsa-200703-04.xml
http://security.gentoo.org/glsa/glsa-200703-18.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
http://www.kb.cert.org/vuls/id/551436 US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2007:052
http://www.mozilla.org/security/announce/2007/mfsa2007-01.html Patch Vendor Advisory
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
http://www.osvdb.org/32113
http://www.securityfocus.com/archive/1/461336/100/0/threaded
http://www.securityfocus.com/archive/1/461809/100/0/threaded
http://www.securityfocus.com/bid/22694
http://www.securitytracker.com/id?1017698
http://www.ubuntu.com/usn/usn-428-1
http://www.ubuntu.com/usn/usn-431-1
http://www.vupen.com/english/advisories/2007/0718 Vendor Advisory
http://www.vupen.com/english/advisories/2007/0719 Vendor Advisory
http://www.vupen.com/english/advisories/2008/0083 Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=360645 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/32698
https://issues.rpath.com/browse/RPL-1081
http://fedoranews.org/cms/node/2713
http://fedoranews.org/cms/node/2728
http://fedoranews.org/cms/node/2747
http://fedoranews.org/cms/node/2749
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
http://secunia.com/advisories/24205 Vendor Advisory
http://secunia.com/advisories/24238 Vendor Advisory
http://secunia.com/advisories/24252 Vendor Advisory
http://secunia.com/advisories/24293 Vendor Advisory
http://secunia.com/advisories/24320 Vendor Advisory
http://secunia.com/advisories/24328 Vendor Advisory
http://secunia.com/advisories/24333 Vendor Advisory
http://secunia.com/advisories/24384 Vendor Advisory
http://secunia.com/advisories/24389 Vendor Advisory
http://secunia.com/advisories/24393 Vendor Advisory
http://secunia.com/advisories/24406 Vendor Advisory
http://secunia.com/advisories/24410 Vendor Advisory
http://secunia.com/advisories/24437 Vendor Advisory
http://secunia.com/advisories/24455 Vendor Advisory
http://secunia.com/advisories/24456 Vendor Advisory
http://secunia.com/advisories/24457 Vendor Advisory
http://secunia.com/advisories/24522 Vendor Advisory
http://security.gentoo.org/glsa/glsa-200703-04.xml
http://security.gentoo.org/glsa/glsa-200703-18.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
http://www.kb.cert.org/vuls/id/551436 US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2007:052
http://www.mozilla.org/security/announce/2007/mfsa2007-01.html Patch Vendor Advisory
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
http://www.osvdb.org/32113
http://www.securityfocus.com/archive/1/461336/100/0/threaded
http://www.securityfocus.com/archive/1/461809/100/0/threaded
http://www.securityfocus.com/bid/22694
http://www.securitytracker.com/id?1017698
http://www.ubuntu.com/usn/usn-428-1
http://www.ubuntu.com/usn/usn-431-1
http://www.vupen.com/english/advisories/2007/0718 Vendor Advisory
http://www.vupen.com/english/advisories/2007/0719 Vendor Advisory
http://www.vupen.com/english/advisories/2008/0083 Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=360645 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/32698
https://issues.rpath.com/browse/RPL-1081
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
History

21 Nov 2024, 00:26

Type Values Removed Values Added
References () http://fedoranews.org/cms/node/2713 - () http://fedoranews.org/cms/node/2713 -
References () http://fedoranews.org/cms/node/2728 - () http://fedoranews.org/cms/node/2728 -
References () http://fedoranews.org/cms/node/2747 - () http://fedoranews.org/cms/node/2747 -
References () http://fedoranews.org/cms/node/2749 - () http://fedoranews.org/cms/node/2749 -
References () http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 - () http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 -
References () http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html - () http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html -
References () http://secunia.com/advisories/24205 - Vendor Advisory () http://secunia.com/advisories/24205 - Vendor Advisory
References () http://secunia.com/advisories/24238 - Vendor Advisory () http://secunia.com/advisories/24238 - Vendor Advisory
References () http://secunia.com/advisories/24252 - Vendor Advisory () http://secunia.com/advisories/24252 - Vendor Advisory
References () http://secunia.com/advisories/24293 - Vendor Advisory () http://secunia.com/advisories/24293 - Vendor Advisory
References () http://secunia.com/advisories/24320 - Vendor Advisory () http://secunia.com/advisories/24320 - Vendor Advisory
References () http://secunia.com/advisories/24328 - Vendor Advisory () http://secunia.com/advisories/24328 - Vendor Advisory
References () http://secunia.com/advisories/24333 - Vendor Advisory () http://secunia.com/advisories/24333 - Vendor Advisory
References () http://secunia.com/advisories/24384 - Vendor Advisory () http://secunia.com/advisories/24384 - Vendor Advisory
References () http://secunia.com/advisories/24389 - Vendor Advisory () http://secunia.com/advisories/24389 - Vendor Advisory
References () http://secunia.com/advisories/24393 - Vendor Advisory () http://secunia.com/advisories/24393 - Vendor Advisory
References () http://secunia.com/advisories/24406 - Vendor Advisory () http://secunia.com/advisories/24406 - Vendor Advisory
References () http://secunia.com/advisories/24410 - Vendor Advisory () http://secunia.com/advisories/24410 - Vendor Advisory
References () http://secunia.com/advisories/24437 - Vendor Advisory () http://secunia.com/advisories/24437 - Vendor Advisory
References () http://secunia.com/advisories/24455 - Vendor Advisory () http://secunia.com/advisories/24455 - Vendor Advisory
References () http://secunia.com/advisories/24456 - Vendor Advisory () http://secunia.com/advisories/24456 - Vendor Advisory
References () http://secunia.com/advisories/24457 - Vendor Advisory () http://secunia.com/advisories/24457 - Vendor Advisory
References () http://secunia.com/advisories/24522 - Vendor Advisory () http://secunia.com/advisories/24522 - Vendor Advisory
References () http://security.gentoo.org/glsa/glsa-200703-04.xml - () http://security.gentoo.org/glsa/glsa-200703-04.xml -
References () http://security.gentoo.org/glsa/glsa-200703-18.xml - () http://security.gentoo.org/glsa/glsa-200703-18.xml -
References () http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 - () http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 -
References () http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947 - () http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947 -
References () http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851 - () http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851 -
References () http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml - () http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml -
References () http://www.kb.cert.org/vuls/id/551436 - US Government Resource () http://www.kb.cert.org/vuls/id/551436 - US Government Resource
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:052 - () http://www.mandriva.com/security/advisories?name=MDKSA-2007:052 -
References () http://www.mozilla.org/security/announce/2007/mfsa2007-01.html - Patch, Vendor Advisory () http://www.mozilla.org/security/announce/2007/mfsa2007-01.html - Patch, Vendor Advisory
References () http://www.novell.com/linux/security/advisories/2007_22_mozilla.html - () http://www.novell.com/linux/security/advisories/2007_22_mozilla.html -
References () http://www.osvdb.org/32113 - () http://www.osvdb.org/32113 -
References () http://www.securityfocus.com/archive/1/461336/100/0/threaded - () http://www.securityfocus.com/archive/1/461336/100/0/threaded -
References () http://www.securityfocus.com/archive/1/461809/100/0/threaded - () http://www.securityfocus.com/archive/1/461809/100/0/threaded -
References () http://www.securityfocus.com/bid/22694 - () http://www.securityfocus.com/bid/22694 -
References () http://www.securitytracker.com/id?1017698 - () http://www.securitytracker.com/id?1017698 -
References () http://www.ubuntu.com/usn/usn-428-1 - () http://www.ubuntu.com/usn/usn-428-1 -
References () http://www.ubuntu.com/usn/usn-431-1 - () http://www.ubuntu.com/usn/usn-431-1 -
References () http://www.vupen.com/english/advisories/2007/0718 - Vendor Advisory () http://www.vupen.com/english/advisories/2007/0718 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2007/0719 - Vendor Advisory () http://www.vupen.com/english/advisories/2007/0719 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2008/0083 - Vendor Advisory () http://www.vupen.com/english/advisories/2008/0083 - Vendor Advisory
References () https://bugzilla.mozilla.org/show_bug.cgi?id=360645 - Vendor Advisory () https://bugzilla.mozilla.org/show_bug.cgi?id=360645 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/32698 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/32698 -
References () https://issues.rpath.com/browse/RPL-1081 - () https://issues.rpath.com/browse/RPL-1081 -
Information

Published : 2007-02-26 19:28

Updated : 2024-11-21 00:26

NVD link : CVE-2007-0776

Mitre link : CVE-2007-0776

CVE.ORG link : CVE-2007-0776

JSON object : View

Products Affected

mozilla

  • thunderbird
  • firefox
  • seamonkey
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024