You are here

CVE-2007-0009

Vincent (CVE) Danen's picture
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.

Details Source

Mitre

Public Date

2007-02-01 00:00:00

Impact

Moderate

Bugzilla

CVE-2007-0008 CVE-2007-0009 NSS: SSLv2 protocol buffer overflows

Bugzilla ID

565 576

CVSS Status

draft

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 2.1 (seamonkey) RHSA-2007:0077 2007-02-24
Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) RHSA-2007:0108 2007-03-14
Red Hat Enterprise Linux 4 (thunderbird) RHSA-2007:0078 2007-03-02
Red Hat Enterprise Linux 4 (firefox) RHSA-2007:0079 2007-02-23
Red Hat Enterprise Linux 4 RHSA-2007:0077 2007-02-24
Red Hat Enterprise Linux 3 (seamonkey) RHSA-2007:0077 2007-02-24
Red Hat Enterprise Linux 5 RHSA-2007:0108 2007-03-14
Red Hat Enterprise Linux 5 RHSA-2007:0097 2007-03-14

Affected Packages State

Platform Package State
Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) thunderbird 1.5.0.10-1.el5 Fixed