|Bugzilla:||565576: CVE-2007-0008 CVE-2007-0009 NSS: SSLv2 protocol buffer overflows|
The MITRE CVE dictionary describes this issue as:
Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 22.214.171.124 and 2.x before 126.96.36.199, SeaMonkey before 1.0.8, Thunderbird before 188.8.131.52, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.
Red Hat security errata
|Red Hat Enterprise Linux Desktop version 5 (thunderbird)||RHSA-2007:0108||March 14, 2007|
|Red Hat Enterprise Linux version 2.1 (seamonkey)||RHSA-2007:0077||February 24, 2007|
|Red Hat Enterprise Linux version 3 (seamonkey)||RHSA-2007:0077||February 24, 2007|
|Red Hat Enterprise Linux version 4||RHSA-2007:0077||February 24, 2007|
|Red Hat Enterprise Linux version 4 (firefox)||RHSA-2007:0079||February 23, 2007|
|Red Hat Enterprise Linux version 4 (thunderbird)||RHSA-2007:0078||March 02, 2007|
|Red Hat Enterprise Linux version 5 (firefox)||RHSA-2007:0097||March 14, 2007|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.