CVE-2007-0008

Description

Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.

Affected products

• Mozilla / Firefox1.5.0.9
• Mozilla / Firefox0.1 – 0.1
• Mozilla / Firefox0.2 – 0.2
• Mozilla / Firefox0.3 – 0.3
• Mozilla / Firefox0.4 – 0.4
• Mozilla / Firefox0.5 – 0.5
• Mozilla / Firefox0.6 – 0.6
• Mozilla / Firefox0.6.1 – 0.6.1
• Mozilla / Firefox0.7 – 0.7
• Mozilla / Firefox0.7.1 – 0.7.1
• Mozilla / Firefox0.8 – 0.8
• Mozilla / Firefox0.9 – 0.9
• Mozilla / Firefox0.9 – 0.9
• Mozilla / Firefox0.9.1 – 0.9.1
• Mozilla / Firefox0.9.2 – 0.9.2
• Mozilla / Firefox0.9.3 – 0.9.3
• Mozilla / Firefox0.10 – 0.10
• Mozilla / Firefox0.10.1 – 0.10.1
• Mozilla / Firefox1.0 – 1.0
• Mozilla / Firefox1.0 – 1.0
• Mozilla / Firefox1.0.1 – 1.0.1
• Mozilla / Firefox1.0.2 – 1.0.2
• Mozilla / Firefox1.0.3 – 1.0.3
• Mozilla / Firefox1.0.4 – 1.0.4
• Mozilla / Firefox1.0.5 – 1.0.5
• Mozilla / Firefox1.0.6 – 1.0.6
• Mozilla / Firefox1.0.7 – 1.0.7
• Mozilla / Firefox1.0.8 – 1.0.8
• Mozilla / Firefox1.4.1 – 1.4.1
• Mozilla / Firefox1.5 – 1.5
• Mozilla / Firefox1.5.0.1 – 1.5.0.1
• Mozilla / Firefox1.5.0.2 – 1.5.0.2
• Mozilla / Firefox1.5.0.3 – 1.5.0.3
• Mozilla / Firefox1.5.0.4 – 1.5.0.4
• Mozilla / Firefox1.5.0.5 – 1.5.0.5
• Mozilla / Firefox1.5.0.6 – 1.5.0.6
• Mozilla / Firefox1.5.0.7 – 1.5.0.7
• Mozilla / Firefox1.5.0.8 – 1.5.0.8
• Mozilla / Firefox1.5.0.10 – 1.5.0.10
• Mozilla / Firefox1.5.0.11 – 1.5.0.11
• Mozilla / Firefox1.5.0.12 – 1.5.0.12
• Mozilla / Firefox2.0 – 2.0
• Mozilla / Firefox2.0.0.1 – 2.0.0.1
• Mozilla / Network Security Services3.11.2 – 3.11.2
• Mozilla / Network Security Services3.11.3 – 3.11.3
• Mozilla / Network Security Services3.11.4 – 3.11.4
• Mozilla / seamonkey1.0.7
• Mozilla / seamonkey1.0 – 1.0
• Mozilla / seamonkey1.0.1 – 1.0.1
• Mozilla / seamonkey1.0.2 – 1.0.2
• Mozilla / seamonkey1.0.3 – 1.0.3
• Mozilla / seamonkey1.0.4 – 1.0.4
• Mozilla / seamonkey1.0.5 – 1.0.5
• Mozilla / seamonkey1.0.6 – 1.0.6
• Mozilla / Thunderbird1.5.0.9
• Mozilla / Thunderbird0.1 – 0.1
• Mozilla / Thunderbird0.2 – 0.2
• Mozilla / Thunderbird0.3 – 0.3
• Mozilla / Thunderbird0.4 – 0.4
• Mozilla / Thunderbird0.5 – 0.5
• Mozilla / Thunderbird0.6 – 0.6
• Mozilla / Thunderbird0.7 – 0.7
• Mozilla / Thunderbird0.7.1 – 0.7.1
• Mozilla / Thunderbird0.7.2 – 0.7.2
• Mozilla / Thunderbird0.7.3 – 0.7.3
• Mozilla / Thunderbird0.8 – 0.8
• Mozilla / Thunderbird0.9 – 0.9
• Mozilla / Thunderbird1.0 – 1.0
• Mozilla / Thunderbird1.0.1 – 1.0.1
• Mozilla / Thunderbird1.0.2 – 1.0.2
• Mozilla / Thunderbird1.0.3 – 1.0.3
• Mozilla / Thunderbird1.0.4 – 1.0.4
• Mozilla / Thunderbird1.0.5 – 1.0.5
• Mozilla / Thunderbird1.0.6 – 1.0.6
• Mozilla / Thunderbird1.0.7 – 1.0.7
• Mozilla / Thunderbird1.0.8 – 1.0.8
• Mozilla / Thunderbird1.5 – 1.5
• Mozilla / Thunderbird1.5 – 1.5
• Mozilla / Thunderbird1.5.0.1 – 1.5.0.1
• Mozilla / Thunderbird1.5.0.2 – 1.5.0.2
• Mozilla / Thunderbird1.5.0.3 – 1.5.0.3
• Mozilla / Thunderbird1.5.0.4 – 1.5.0.4
• Mozilla / Thunderbird1.5.0.5 – 1.5.0.5
• Mozilla / Thunderbird1.5.0.6 – 1.5.0.6
• Mozilla / Thunderbird1.5.0.7 – 1.5.0.7
• Mozilla / Thunderbird1.5.0.8 – 1.5.0.8

References

• MISChttp://www.redhat.com/support/errata/RHSA-2007-0078.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/24562
• VENDOR_ADVISORYhttp://secunia.com/advisories/25597
• MISChttp://www.gentoo.org/security/en/glsa/glsa-200703-22.xml
• MISChttp://fedoranews.org/cms/node/2709
• VENDOR_ADVISORYhttp://secunia.com/advisories/24703
• VENDOR_ADVISORYhttp://secunia.com/advisories/24395
• MISChttp://www.securityfocus.com/archive/1/461336/100/0/threaded
• MISChttp://fedoranews.org/cms/node/2747
• VENDOR_ADVISORYhttp://secunia.com/advisories/24328
• MISChttp://www.redhat.com/support/errata/RHSA-2007-0108.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/24277
• VENDOR_ADVISORYhttp://secunia.com/advisories/24252
• MISChttp://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
• VENDOR_ADVISORYhttp://secunia.com/advisories/24384
• VENDOR_ADVISORYhttp://secunia.com/advisories/24406
• VENDOR_ADVISORYhttp://secunia.com/advisories/24457
• VENDOR_ADVISORYhttp://secunia.com/advisories/24253
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:052
• MISChttps://bugzilla.mozilla.org/show_bug.cgi?id=364319
• VENDOR_ADVISORYhttp://secunia.com/advisories/24343
• VENDOR_ADVISORYhttp://www.debian.org/security/2007/dsa-1336
• MISChttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/1165
• MISChttp://www.securitytracker.com/id?1017696
• MISChttp://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/0718
• MISChttp://fedoranews.org/cms/node/2711
• MISChttp://fedoranews.org/cms/node/2749
• MISChttp://security.gentoo.org/glsa/glsa-200703-18.xml
• VENDOR_ADVISORYhttp://secunia.com/advisories/24650
• VENDOR_ADVISORYhttp://www.ubuntu.com/usn/usn-428-1
• VENDOR_ADVISORYhttp://secunia.com/advisories/24320
• VENDOR_ADVISORYhttp://secunia.com/advisories/25588
• MISChttps://issues.rpath.com/browse/RPL-1103
• MAILING_LISThttp://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
• MISChttp://www.securityfocus.com/archive/1/461809/100/0/threaded
• MISChttp://www.osvdb.org/32105
• VENDOR_ADVISORYhttp://www.novell.com/linux/security/advisories/2007_22_mozilla.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/24293
• VENDOR_ADVISORYhttp://secunia.com/advisories/24238
• MISChttp://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
• VENDOR_ADVISORYhttp://secunia.com/advisories/24456
• MISChttp://www.mozilla.org/security/announce/2007/mfsa2007-06.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/24342
• VENDOR_ADVISORYhttp://secunia.com/advisories/24287
• VENDOR_ADVISORYhttp://secunia.com/advisories/24522
• MISChttp://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1
• MISChttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482
• MISChttp://www.kb.cert.org/vuls/id/377812
• MISChttp://www.securityfocus.com/bid/22694
• MISChttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/0719
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/32666
• MISChttp://fedoranews.org/cms/node/2713
• VENDOR_ADVISORYhttp://www.ubuntu.com/usn/usn-431-1
• MISChttp://www.redhat.com/support/errata/RHSA-2007-0097.html
• MISChttp://fedoranews.org/cms/node/2728
• VENDOR_ADVISORYftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10502
• VENDOR_ADVISORYhttp://secunia.com/advisories/24205
• VENDOR_ADVISORYhttp://secunia.com/advisories/24389
• MISChttps://issues.rpath.com/browse/RPL-1081
• VENDOR_ADVISORYhttp://secunia.com/advisories/24410
• VENDOR_ADVISORYhttp://secunia.com/advisories/24333
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/2141
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:050
• MISChttp://www.securityfocus.com/bid/64758
• VENDOR_ADVISORYhttp://secunia.com/advisories/24290
• VENDOR_ADVISORYhttp://secunia.com/advisories/24455
• MISChttp://rhn.redhat.com/errata/RHSA-2007-0077.html
• VENDOR_ADVISORYftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
• VENDOR_ADVISORYhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
• MISChttp://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
• MISChttp://www.redhat.com/support/errata/RHSA-2007-0079.html