Executive Summary
Summary | |
---|---|
Title | Mozilla products vulnerable to memory corruption in the JavaScript engine |
Informations | |||
---|---|---|---|
Name | VU#609956 | First vendor Publication | 2007-05-31 |
Vendor | VU-CERT | Last vendor Modification | 2007-06-20 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#609956Mozilla products vulnerable to memory corruption in the JavaScript engineOverviewA vulnerability in the Mozilla JavaScript engine may allow execution of arbitrary code or denial of service.I. DescriptionThe Mozilla JavaScript engine contains an unspecified vulnerability that may result in memory corruption. The impact of this memory corruption is unclear. According to Mozilla Foundation Security Advisory 2007-12:Some of these crashes that showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. II. ImpactPotential consequences include remote execution of arbitrary code and denial of service.III. SolutionUpgradeThese vulnerabilities are addressed in Firefox 2.0.0.4, Firefox 1.5.0.12, Thunderbird 2.0.0.4, Thunderbird 1.5.0.12, SeaMonkey 1.0.9, SeaMonkey 1.1.2.
References
These vulnerabilities were reported in Mozilla Foundation Security Advisory 2007-12. Mozilla credits Brendan Eich, Igor Bukanov, Jesse Ruderman, moz_bug_r_a4 and Wladimir Palant with reporting these issues. This document was written by Chris Taschner.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/609956 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10711 | |||
Oval ID: | oval:org.mitre.oval:def:10711 | ||
Title: | Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption. | ||
Description: | Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2868 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20321 | |||
Oval ID: | oval:org.mitre.oval:def:20321 | ||
Title: | DSA-1305-1 icedove - several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1305-1 CVE-2007-1558 CVE-2007-2867 CVE-2007-2868 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | icedove |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-13 | Name : Solaris Update for Mozilla 1.7_x86 119116-35 File : nvt/gb_solaris_119116_35.nasl |
2009-10-13 | Name : Solaris Update for Mozilla 1.7 119115-35 File : nvt/gb_solaris_119115_35.nasl |
2009-10-10 | Name : SLES9: Security update for Mozilla suite File : nvt/sles9p5016317.nasl |
2009-05-05 | Name : HP-UX Update for Thunderbird HPSBUX02156 File : nvt/gb_hp_ux_HPSBUX02156.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-thunderbird MDKSA-2007:131 (mozilla-thunderbird) File : nvt/gb_mandriva_MDKSA_2007_131.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-thunderbird MDKSA-2007:119 (mozilla-thunderbird) File : nvt/gb_mandriva_MDKSA_2007_119.nasl |
2009-03-23 | Name : Ubuntu Update for mozilla-thunderbird vulnerabilities USN-469-1 File : nvt/gb_ubuntu_USN_469_1.nasl |
2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-468-1 File : nvt/gb_ubuntu_USN_468_1.nasl |
2009-02-27 | Name : Fedora Update for thunderbird FEDORA-2007-551 File : nvt/gb_fedora_2007_551_thunderbird_fc5.nasl |
2009-02-27 | Name : Fedora Update for firefox FEDORA-2007-554 File : nvt/gb_fedora_2007_554_firefox_fc5.nasl |
2009-02-27 | Name : Fedora Update for yelp FEDORA-2007-552 File : nvt/gb_fedora_2007_552_yelp_fc5.nasl |
2009-02-27 | Name : Fedora Update for seamonkey FEDORA-2007-552 File : nvt/gb_fedora_2007_552_seamonkey_fc5.nasl |
2009-02-27 | Name : Fedora Update for epiphany FEDORA-2007-552 File : nvt/gb_fedora_2007_552_epiphany_fc5.nasl |
2009-02-27 | Name : Fedora Update for devhelp FEDORA-2007-552 File : nvt/gb_fedora_2007_552_devhelp_fc5.nasl |
2009-02-27 | Name : Fedora Update for thunderbird FEDORA-2007-550 File : nvt/gb_fedora_2007_550_thunderbird_fc6.nasl |
2009-02-27 | Name : Fedora Update for yelp FEDORA-2007-549 File : nvt/gb_fedora_2007_549_yelp_fc6.nasl |
2009-02-27 | Name : Fedora Update for firefox FEDORA-2007-549 File : nvt/gb_fedora_2007_549_firefox_fc6.nasl |
2009-02-27 | Name : Fedora Update for epiphany FEDORA-2007-549 File : nvt/gb_fedora_2007_549_epiphany_fc6.nasl |
2009-02-27 | Name : Fedora Update for devhelp FEDORA-2007-549 File : nvt/gb_fedora_2007_549_devhelp_fc6.nasl |
2009-02-27 | Name : Fedora Update for thunderbird FEDORA-2007-0544 File : nvt/gb_fedora_2007_0544_thunderbird_fc7.nasl |
2009-02-27 | Name : Fedora Update for yelp FEDORA-2007-0001 File : nvt/gb_fedora_2007_0001_yelp_fc7.nasl |
2009-02-27 | Name : Fedora Update for firefox FEDORA-2007-0001 File : nvt/gb_fedora_2007_0001_firefox_fc7.nasl |
2009-02-27 | Name : Fedora Update for epiphany FEDORA-2007-0001 File : nvt/gb_fedora_2007_0001_epiphany_fc7.nasl |
2009-02-27 | Name : Fedora Update for devhelp FEDORA-2007-0001 File : nvt/gb_fedora_2007_0001_devhelp_fc7.nasl |
2009-01-28 | Name : SuSE Update for mozilla,MozillaFirefox,MozillaThunderbird SUSE-SA:2007:036 File : nvt/gb_suse_2007_036.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200706-06 (mozilla/thunderbird/firefox/xulrunner) File : nvt/glsa_200706_06.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1305-1 (icedove) File : nvt/deb_1305_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1306-1 (xulrunner) File : nvt/deb_1306_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1308-1 (iceweasel) File : nvt/deb_1308_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1300-1 (iceape) File : nvt/deb_1300_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2007-152-02 firefox-seamonkey-thunderbird File : nvt/esoft_slk_ssa_2007_152_02.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
35138 | Mozilla Multiple Products JavaScript Engine Unspecified Memory Corruption |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0400.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2007-0401.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0402.nasl - Type : ACT_GATHER_INFO |
2012-09-24 | Name : The remote Fedora host is missing a security update. File : fedora_2007-0006.nasl - Type : ACT_GATHER_INFO |
2012-09-24 | Name : The remote Fedora host is missing a security update. File : fedora_2007-0008.nasl - Type : ACT_GATHER_INFO |
2012-09-24 | Name : The remote Fedora host is missing a security update. File : fedora_2007-0009.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20070530_Thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070530_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070530_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0400.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2007-0401.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0402.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-131.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-126.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-3756.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-469-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-468-1.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-0544.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-0001.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-3545.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-3547.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-3541.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-3546.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-3631.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-3632.nasl - Type : ACT_GATHER_INFO |
2007-06-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200706-06.nasl - Type : ACT_GATHER_INFO |
2007-06-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1308.nasl - Type : ACT_GATHER_INFO |
2007-06-14 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-120.nasl - Type : ACT_GATHER_INFO |
2007-06-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1305.nasl - Type : ACT_GATHER_INFO |
2007-06-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1306.nasl - Type : ACT_GATHER_INFO |
2007-06-14 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-119.nasl - Type : ACT_GATHER_INFO |
2007-06-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1300.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote Fedora Core host is missing one or more security updates. File : fedora_2007-552.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-152-02.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote Fedora Core host is missing one or more security updates. File : fedora_2007-549.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-550.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-551.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-554.nasl - Type : ACT_GATHER_INFO |
2007-06-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0402.nasl - Type : ACT_GATHER_INFO |
2007-06-01 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2007-0401.nasl - Type : ACT_GATHER_INFO |
2007-06-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0400.nasl - Type : ACT_GATHER_INFO |
2007-05-31 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_15012.nasl - Type : ACT_GATHER_INFO |
2007-05-31 | Name : A web browser on the remote host is prone to multiple flaws. File : seamonkey_109.nasl - Type : ACT_GATHER_INFO |
2007-05-31 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_15012.nasl - Type : ACT_GATHER_INFO |
2007-03-12 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-066-04.nasl - Type : ACT_GATHER_INFO |
2007-03-06 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-309.nasl - Type : ACT_GATHER_INFO |
2007-03-06 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-308.nasl - Type : ACT_GATHER_INFO |