CVE-2007-2868

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2007-2868
Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption.

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://www.mozilla.org/security/announce/2007/mfsa2007-12.html Vendor Advisory
https://issues.rpath.com/browse/RPL-1424
http://www.debian.org/security/2007/dsa-1300
http://www.debian.org/security/2007/dsa-1306
http://www.debian.org/security/2007/dsa-1308
http://www.debian.org/security/2007/dsa-1305
http://fedoranews.org/cms/node/2747
http://fedoranews.org/cms/node/2749
http://security.gentoo.org/glsa/glsa-200706-06.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:119
http://www.mandriva.com/security/advisories?name=MDKSA-2007:120
http://www.mandriva.com/security/advisories?name=MDKSA-2007:131
http://www.redhat.com/support/errata/RHSA-2007-0400.html
http://www.redhat.com/support/errata/RHSA-2007-0401.html
http://www.redhat.com/support/errata/RHSA-2007-0402.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103125-1
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
http://www.ubuntu.com/usn/usn-468-1
http://www.ubuntu.com/usn/usn-469-1
http://www.us-cert.gov/cas/techalerts/TA07-151A.html US Government Resource
http://www.kb.cert.org/vuls/id/609956 US Government Resource
http://www.securityfocus.com/bid/24242
http://www.securitytracker.com/id?1018151
http://www.securitytracker.com/id?1018152
http://www.securitytracker.com/id?1018153
http://secunia.com/advisories/25476 Vendor Advisory
http://secunia.com/advisories/25533 Vendor Advisory
http://secunia.com/advisories/25496 Vendor Advisory
http://secunia.com/advisories/25559 Vendor Advisory
http://secunia.com/advisories/25635 Vendor Advisory
http://secunia.com/advisories/25644 Vendor Advisory
http://secunia.com/advisories/25647 Vendor Advisory
http://secunia.com/advisories/25685 Vendor Advisory
http://secunia.com/advisories/24406 Vendor Advisory
http://secunia.com/advisories/24456 Vendor Advisory
http://secunia.com/advisories/25534 Vendor Advisory
http://secunia.com/advisories/25664 Vendor Advisory
http://secunia.com/advisories/25469 Vendor Advisory
http://secunia.com/advisories/25488 Vendor Advisory
http://secunia.com/advisories/25489 Vendor Advisory
http://secunia.com/advisories/25490 Vendor Advisory
http://secunia.com/advisories/25491 Vendor Advisory
http://secunia.com/advisories/25492 Vendor Advisory
http://secunia.com/advisories/25750 Vendor Advisory
http://secunia.com/advisories/25858
http://secunia.com/advisories/27427
http://secunia.com/advisories/28363
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201505-1
http://www.vupen.com/english/advisories/2007/3632
http://www.vupen.com/english/advisories/2008/0082
http://www.vupen.com/english/advisories/2007/1994
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://osvdb.org/35138
https://exchange.xforce.ibmcloud.com/vulnerabilities/34605
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10711
http://www.securityfocus.com/archive/1/471842/100/0/threaded
http://www.securityfocus.com/archive/1/470172/100/200/threaded
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
Information

Published : 2007-05-31 17:30

Updated : 2018-10-16 09:46

NVD link : CVE-2007-2868

Mitre link : CVE-2007-2868

JSON object : View

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')

Advertisement

dedicated server usa
Products Affected

mozilla

  • firefox
  • seamonkey
  • thunderbird