Executive Summary
Summary | |
---|---|
Title | Sun Alert 103136 Multiple Security Vulnerabilities in the Layout Engine in Mozilla 1.7 for Solaris 8, 9 and 10 |
Information | |||
---|---|---|---|
Name | SUN-103136 | First vendor Publication | 2007-10-30 |
Vendor | Sun | Last vendor Modification | 2007-10-30 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Product: Mozilla v1.7, Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

The Layout Engine in the Mozilla 1.7 application (see mozilla(1)) contains multiple memory corruption vulnerabilities which may allow a remote user who is able to create a web page which is visited by a local user using the Mozilla browser, or who sends a specially crafted email that is read by a local user using Mozilla, to either cause the Mozilla application to crash or execute arbitrary code with the privileges of the user running Mozilla. The ability of a remote user to cause the Mozilla application to crash is a type of Denial of Service (DoS).

The following Mozilla advisory describes 30 separate issues. Of these issues, 20 affect the Layout engine and are listed under CVE-2007-2867, and 10 affect the JavaScript engine and are listed under CVE-2007-2868:

This Sun Alert corresponds to the 20 Layout engine issues described in the Mozilla advisory under CVE-2007-2867.

Additional references:
Avoidance: Workaround State: Workaround First released: 30-Oct-2007 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_103136_multiple_security |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
50 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10066 | |||
Oval ID: | oval:org.mitre.oval:def:10066 | ||
Title: | Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues. | ||
Description: | Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2867 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10711 | |||
Oval ID: | oval:org.mitre.oval:def:10711 | ||
Title: | Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption. | ||
Description: | Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2868 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:20321 | |||
Oval ID: | oval:org.mitre.oval:def:20321 | ||
Title: | DSA-1305-1 icedove - several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1305-1 CVE-2007-1558 CVE-2007-2867 CVE-2007-2868 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | icedove |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-13 | Name : Solaris Update for Mozilla 1.7_x86 119116-35 File : nvt/gb_solaris_119116_35.nasl |
2009-10-13 | Name : Solaris Update for Mozilla 1.7 119115-35 File : nvt/gb_solaris_119115_35.nasl |
2009-10-10 | Name : SLES9: Security update for Mozilla suite File : nvt/sles9p5016317.nasl |
2009-05-05 | Name : HP-UX Update for Thunderbird HPSBUX02156 File : nvt/gb_hp_ux_HPSBUX02156.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-thunderbird MDKSA-2007:131 (mozilla-thunderbird) File : nvt/gb_mandriva_MDKSA_2007_131.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-firefox MDKSA-2007:126-1 (mozilla-firefox) File : nvt/gb_mandriva_MDKSA_2007_126_1.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-firefox MDKSA-2007:126 (mozilla-firefox) File : nvt/gb_mandriva_MDKSA_2007_126.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-firefox MDKSA-2007:120 (mozilla-firefox) File : nvt/gb_mandriva_MDKSA_2007_120.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-thunderbird MDKSA-2007:119 (mozilla-thunderbird) File : nvt/gb_mandriva_MDKSA_2007_119.nasl |
2009-03-23 | Name : Ubuntu Update for mozilla-thunderbird vulnerabilities USN-469-1 File : nvt/gb_ubuntu_USN_469_1.nasl |
2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-468-1 File : nvt/gb_ubuntu_USN_468_1.nasl |
2009-02-27 | Name : Fedora Update for epiphany FEDORA-2007-552 File : nvt/gb_fedora_2007_552_epiphany_fc5.nasl |
2009-02-27 | Name : Fedora Update for firefox FEDORA-2007-554 File : nvt/gb_fedora_2007_554_firefox_fc5.nasl |
2009-02-27 | Name : Fedora Update for yelp FEDORA-2007-552 File : nvt/gb_fedora_2007_552_yelp_fc5.nasl |
2009-02-27 | Name : Fedora Update for seamonkey FEDORA-2007-552 File : nvt/gb_fedora_2007_552_seamonkey_fc5.nasl |
2009-02-27 | Name : Fedora Update for devhelp FEDORA-2007-552 File : nvt/gb_fedora_2007_552_devhelp_fc5.nasl |
2009-02-27 | Name : Fedora Update for thunderbird FEDORA-2007-551 File : nvt/gb_fedora_2007_551_thunderbird_fc5.nasl |
2009-02-27 | Name : Fedora Update for thunderbird FEDORA-2007-550 File : nvt/gb_fedora_2007_550_thunderbird_fc6.nasl |
2009-02-27 | Name : Fedora Update for yelp FEDORA-2007-549 File : nvt/gb_fedora_2007_549_yelp_fc6.nasl |
2009-02-27 | Name : Fedora Update for firefox FEDORA-2007-549 File : nvt/gb_fedora_2007_549_firefox_fc6.nasl |
2009-02-27 | Name : Fedora Update for epiphany FEDORA-2007-549 File : nvt/gb_fedora_2007_549_epiphany_fc6.nasl |
2009-02-27 | Name : Fedora Update for devhelp FEDORA-2007-549 File : nvt/gb_fedora_2007_549_devhelp_fc6.nasl |
2009-02-27 | Name : Fedora Update for thunderbird FEDORA-2007-0544 File : nvt/gb_fedora_2007_0544_thunderbird_fc7.nasl |
2009-02-27 | Name : Fedora Update for yelp FEDORA-2007-0001 File : nvt/gb_fedora_2007_0001_yelp_fc7.nasl |
2009-02-27 | Name : Fedora Update for firefox FEDORA-2007-0001 File : nvt/gb_fedora_2007_0001_firefox_fc7.nasl |
2009-02-27 | Name : Fedora Update for epiphany FEDORA-2007-0001 File : nvt/gb_fedora_2007_0001_epiphany_fc7.nasl |
2009-02-27 | Name : Fedora Update for devhelp FEDORA-2007-0001 File : nvt/gb_fedora_2007_0001_devhelp_fc7.nasl |
2009-01-28 | Name : SuSE Update for mozilla,MozillaFirefox,MozillaThunderbird SUSE-SA:2007:036 File : nvt/gb_suse_2007_036.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200706-06 (mozilla/thunderbird/firefox/xulrunner) File : nvt/glsa_200706_06.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1305-1 (icedove) File : nvt/deb_1305_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1306-1 (xulrunner) File : nvt/deb_1306_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1308-1 (iceweasel) File : nvt/deb_1308_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1300-1 (iceape) File : nvt/deb_1300_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2007-152-02 firefox-seamonkey-thunderbird File : nvt/esoft_slk_ssa_2007_152_02.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
35138 | Mozilla Multiple Products JavaScript Engine Unspecified Memory Corruption |
35134 | Mozilla Multiple Products Layout Engine Unspecified Memory Corruption |
Snort® IPS/IDS
Date | Description |
---|---|
2017-08-29 | Mozilla Firefox frame element memory corruption attempt RuleID : 43747 - Revision : 1 - Type : BROWSER-FIREFOX |
2017-08-29 | Mozilla Firefox frame element memory corruption attempt RuleID : 43746 - Revision : 1 - Type : BROWSER-FIREFOX |
2017-08-29 | Mozilla Firefox style display inherit memory corruption attempt RuleID : 43745 - Revision : 1 - Type : BROWSER-FIREFOX |
2017-08-29 | Mozilla Firefox style display inherit memory corruption attempt RuleID : 43744 - Revision : 1 - Type : BROWSER-FIREFOX |
2017-08-29 | Mozilla Firefox lookup property memory corruption attempt RuleID : 43743 - Revision : 1 - Type : BROWSER-FIREFOX |
2017-08-29 | Mozilla Firefox lookup property memory corruption attempt RuleID : 43742 - Revision : 1 - Type : BROWSER-FIREFOX |
2017-08-29 | Mozilla Firefox frameset memory corruption attempt RuleID : 43741 - Revision : 1 - Type : BROWSER-FIREFOX |
2017-08-29 | Mozilla Firefox frameset memory corruption attempt RuleID : 43740 - Revision : 1 - Type : BROWSER-FIREFOX |
2017-08-29 | Mozilla Firefox SVGZoom memory corruption attempt RuleID : 43739 - Revision : 1 - Type : BROWSER-FIREFOX |
2017-08-29 | Mozilla Firefox SVGZoom memory corruption attempt RuleID : 43738 - Revision : 1 - Type : BROWSER-FIREFOX |
2017-08-29 | Mozilla Firefox XUL commandDispatcher memory corruption attempt RuleID : 43737 - Revision : 1 - Type : BROWSER-FIREFOX |
2017-08-29 | Mozilla Firefox XUL commandDispatcher memory corruption attempt RuleID : 43736 - Revision : 1 - Type : BROWSER-FIREFOX |
2017-08-29 | Mozilla Firefox SVG pathSegList memory corruption attempt RuleID : 43735 - Revision : 1 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox SVG pathSegList memory corruption attempt RuleID : 15164 - Revision : 10 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0400.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2007-0401.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0402.nasl - Type : ACT_GATHER_INFO |
2012-09-24 | Name : The remote Fedora host is missing a security update. File : fedora_2007-0006.nasl - Type : ACT_GATHER_INFO |
2012-09-24 | Name : The remote Fedora host is missing a security update. File : fedora_2007-0008.nasl - Type : ACT_GATHER_INFO |
2012-09-24 | Name : The remote Fedora host is missing a security update. File : fedora_2007-0009.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20070530_Thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070530_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070530_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0400.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2007-0401.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0402.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-131.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-126.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-3756.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-469-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-468-1.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-0544.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-0001.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-3545.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-3547.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-3541.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-3546.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-3631.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-3632.nasl - Type : ACT_GATHER_INFO |
2007-06-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200706-06.nasl - Type : ACT_GATHER_INFO |
2007-06-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1308.nasl - Type : ACT_GATHER_INFO |
2007-06-14 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-120.nasl - Type : ACT_GATHER_INFO |
2007-06-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1305.nasl - Type : ACT_GATHER_INFO |
2007-06-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1306.nasl - Type : ACT_GATHER_INFO |
2007-06-14 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-119.nasl - Type : ACT_GATHER_INFO |
2007-06-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1300.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote Fedora Core host is missing one or more security updates. File : fedora_2007-552.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-152-02.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote Fedora Core host is missing one or more security updates. File : fedora_2007-549.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-550.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-551.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-554.nasl - Type : ACT_GATHER_INFO |
2007-06-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0402.nasl - Type : ACT_GATHER_INFO |
2007-06-01 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2007-0401.nasl - Type : ACT_GATHER_INFO |
2007-06-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0400.nasl - Type : ACT_GATHER_INFO |
2007-05-31 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_15012.nasl - Type : ACT_GATHER_INFO |
2007-05-31 | Name : A web browser on the remote host is prone to multiple flaws. File : seamonkey_109.nasl - Type : ACT_GATHER_INFO |
2007-05-31 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_15012.nasl - Type : ACT_GATHER_INFO |
2007-03-12 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-066-04.nasl - Type : ACT_GATHER_INFO |
2007-03-06 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-309.nasl - Type : ACT_GATHER_INFO |
2007-03-06 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-308.nasl - Type : ACT_GATHER_INFO |