Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2007-0008

Published: Feb 26, 2007 | Modified: Nov 21, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
Vulnerability-free packages from our partners
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2007-0008
CWEhttps://cwe.mitre.org/data/definitions/189.html

Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the Master Secret, which results in a heap-based overflow.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla * 1.5.0.9 (including)
Firefox Mozilla 0.1 (including) 0.1 (including)
Firefox Mozilla 0.2 (including) 0.2 (including)
Firefox Mozilla 0.3 (including) 0.3 (including)
Firefox Mozilla 0.4 (including) 0.4 (including)
Firefox Mozilla 0.5 (including) 0.5 (including)
Firefox Mozilla 0.6 (including) 0.6 (including)
Firefox Mozilla 0.6.1 (including) 0.6.1 (including)
Firefox Mozilla 0.7 (including) 0.7 (including)
Firefox Mozilla 0.7.1 (including) 0.7.1 (including)
Firefox Mozilla 0.8 (including) 0.8 (including)
Firefox Mozilla 0.9 (including) 0.9 (including)
Firefox Mozilla 0.9-rc (including) 0.9-rc (including)
Firefox Mozilla 0.9.1 (including) 0.9.1 (including)
Firefox Mozilla 0.9.2 (including) 0.9.2 (including)
Firefox Mozilla 0.9.3 (including) 0.9.3 (including)
Firefox Mozilla 0.10 (including) 0.10 (including)
Firefox Mozilla 0.10.1 (including) 0.10.1 (including)
Firefox Mozilla 1.0 (including) 1.0 (including)
Firefox Mozilla 1.0-preview_release (including) 1.0-preview_release (including)
Firefox Mozilla 1.0.1 (including) 1.0.1 (including)
Firefox Mozilla 1.0.2 (including) 1.0.2 (including)
Firefox Mozilla 1.0.3 (including) 1.0.3 (including)
Firefox Mozilla 1.0.4 (including) 1.0.4 (including)
Firefox Mozilla 1.0.5 (including) 1.0.5 (including)
Firefox Mozilla 1.0.6 (including) 1.0.6 (including)
Firefox Mozilla 1.0.7 (including) 1.0.7 (including)
Firefox Mozilla 1.0.8 (including) 1.0.8 (including)
Firefox Mozilla 1.4.1 (including) 1.4.1 (including)
Firefox Mozilla 1.5 (including) 1.5 (including)
Firefox Mozilla 1.5.0.1 (including) 1.5.0.1 (including)
Firefox Mozilla 1.5.0.2 (including) 1.5.0.2 (including)
Firefox Mozilla 1.5.0.3 (including) 1.5.0.3 (including)
Firefox Mozilla 1.5.0.4 (including) 1.5.0.4 (including)
Firefox Mozilla 1.5.0.5 (including) 1.5.0.5 (including)
Firefox Mozilla 1.5.0.6 (including) 1.5.0.6 (including)
Firefox Mozilla 1.5.0.7 (including) 1.5.0.7 (including)
Firefox Mozilla 1.5.0.8 (including) 1.5.0.8 (including)
Firefox Mozilla 1.5.0.10 (including) 1.5.0.10 (including)
Firefox Mozilla 1.5.0.11 (including) 1.5.0.11 (including)
Firefox Mozilla 1.5.0.12 (including) 1.5.0.12 (including)
Firefox Mozilla 2.0 (including) 2.0 (including)
Firefox Mozilla 2.0.0.1 (including) 2.0.0.1 (including)
Network_security_services Mozilla 3.11.2 (including) 3.11.2 (including)
Network_security_services Mozilla 3.11.3 (including) 3.11.3 (including)
Network_security_services Mozilla 3.11.4 (including) 3.11.4 (including)
Seamonkey Mozilla * 1.0.7 (including)
Seamonkey Mozilla 1.0 (including) 1.0 (including)
Seamonkey Mozilla 1.0.1 (including) 1.0.1 (including)
Seamonkey Mozilla 1.0.2 (including) 1.0.2 (including)
Seamonkey Mozilla 1.0.3 (including) 1.0.3 (including)
Seamonkey Mozilla 1.0.4 (including) 1.0.4 (including)
Seamonkey Mozilla 1.0.5 (including) 1.0.5 (including)
Seamonkey Mozilla 1.0.6 (including) 1.0.6 (including)
Thunderbird Mozilla * 1.5.0.9 (including)
Thunderbird Mozilla 0.1 (including) 0.1 (including)
Thunderbird Mozilla 0.2 (including) 0.2 (including)
Thunderbird Mozilla 0.3 (including) 0.3 (including)
Thunderbird Mozilla 0.4 (including) 0.4 (including)
Thunderbird Mozilla 0.5 (including) 0.5 (including)
Thunderbird Mozilla 0.6 (including) 0.6 (including)
Thunderbird Mozilla 0.7 (including) 0.7 (including)
Thunderbird Mozilla 0.7.1 (including) 0.7.1 (including)
Thunderbird Mozilla 0.7.2 (including) 0.7.2 (including)
Thunderbird Mozilla 0.7.3 (including) 0.7.3 (including)
Thunderbird Mozilla 0.8 (including) 0.8 (including)
Thunderbird Mozilla 0.9 (including) 0.9 (including)
Thunderbird Mozilla 1.0 (including) 1.0 (including)
Thunderbird Mozilla 1.0.1 (including) 1.0.1 (including)
Thunderbird Mozilla 1.0.2 (including) 1.0.2 (including)
Thunderbird Mozilla 1.0.3 (including) 1.0.3 (including)
Thunderbird Mozilla 1.0.4 (including) 1.0.4 (including)
Thunderbird Mozilla 1.0.5 (including) 1.0.5 (including)
Thunderbird Mozilla 1.0.6 (including) 1.0.6 (including)
Thunderbird Mozilla 1.0.7 (including) 1.0.7 (including)
Thunderbird Mozilla 1.0.8 (including) 1.0.8 (including)
Thunderbird Mozilla 1.5 (including) 1.5 (including)
Thunderbird Mozilla 1.5-beta2 (including) 1.5-beta2 (including)
Thunderbird Mozilla 1.5.0.1 (including) 1.5.0.1 (including)
Thunderbird Mozilla 1.5.0.2 (including) 1.5.0.2 (including)
Thunderbird Mozilla 1.5.0.3 (including) 1.5.0.3 (including)
Thunderbird Mozilla 1.5.0.4 (including) 1.5.0.4 (including)
Thunderbird Mozilla 1.5.0.5 (including) 1.5.0.5 (including)
Thunderbird Mozilla 1.5.0.6 (including) 1.5.0.6 (including)
Thunderbird Mozilla 1.5.0.7 (including) 1.5.0.7 (including)
Thunderbird Mozilla 1.5.0.8 (including) 1.5.0.8 (including)
Red Hat Enterprise Linux 2.1 RedHat seamonkey-0:1.0.8-0.2.el2 *
Red Hat Enterprise Linux 3 RedHat seamonkey-0:1.0.8-0.2.el3 *
Red Hat Enterprise Linux 4 RedHat devhelp-0:0.10-0.7.el4 *
Red Hat Enterprise Linux 4 RedHat seamonkey-0:1.0.8-0.2.el4 *
Red Hat Enterprise Linux 4 RedHat thunderbird-0:1.5.0.10-0.1.el4 *
Red Hat Enterprise Linux 4 RedHat firefox-0:1.5.0.10-0.1.el4 *
Red Hat Enterprise Linux 5 RedHat devhelp-0:0.12-10.0.1.el5 *
Red Hat Enterprise Linux 5 RedHat firefox-0:1.5.0.10-2.el5 *
Red Hat Enterprise Linux 5 RedHat yelp-0:2.16.0-14.0.1.el5 *
Red Hat Enterprise Linux 5 RedHat thunderbird-0:1.5.0.10-1.el5 *
Firefox Ubuntu dapper *
Firefox Ubuntu edgy *
Firefox Ubuntu feisty *
Iceape Ubuntu gutsy *
Lightning-sunbird Ubuntu devel *
Lightning-sunbird Ubuntu gutsy *
Midbrowser Ubuntu devel *
Midbrowser Ubuntu gutsy *
Mozilla-thunderbird Ubuntu dapper *
Mozilla-thunderbird Ubuntu edgy *
Mozilla-thunderbird Ubuntu feisty *
Xulrunner Ubuntu devel *
Xulrunner Ubuntu edgy *
Xulrunner Ubuntu feisty *
Xulrunner Ubuntu gutsy *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use