Executive Summary
Summary | |
---|---|
Title | Mozilla products vulnerable to memory corruption in the JavaScript engine |
Informations | |||
---|---|---|---|
Name | VU#755513 | First vendor Publication | 2007-10-19 |
Vendor | VU-CERT | Last vendor Modification | 2007-10-19 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#755513Mozilla products vulnerable to memory corruption in the JavaScript engineOverviewA number of vulnerabilities in the Mozilla JavaScript engine may allow the execution of arbitrary code or denial of service.I. DescriptionThe Mozilla JavaScript engine contains several vulnerabilities that may result in memory corruption. The impact of this memory corruption in specific cases is unclear. According to Mozilla Foundation Security Advisory MFSA 2007-29:As part of the Firefox 2.0.0.8 update releases Mozilla developers fixed many bugs to improve the stability of the product. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Note that the Thunderbird email client also uses the Mozilla JavaScript engine and could be affected by these vulnerabilities if JavaScript is enabled (it is disabled by default). II. ImpactPotential impacts of these vulnerabilities include remote execution of arbitrary code and denial of service.III. SolutionUpgradeThese vulnerabilities are addressed in Firefox 2.0.0.8, Thunderbird 2.0.0.8, and SeaMonkey 1.1.5.
References
Thanks to Mozilla for reporting this vulnerability. Mozilla credits Igor Bukanov, Eli Friedman, and Jesse Ruderman with reporting these issues to them. This document was written by Chad R Dougherty.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/755513 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17867 | |||
Oval ID: | oval:org.mitre.oval:def:17867 | ||
Title: | DSA-1391-1 icedove - several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1391-1 CVE-2007-3734 CVE-2007-3735 CVE-2007-3844 CVE-2007-3845 CVE-2007-5339 CVE-2007-5340 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | icedove |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21818 | |||
Oval ID: | oval:org.mitre.oval:def:21818 | ||
Title: | ELSA-2007:0979: firefox security update (Critical) | ||
Description: | Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0979-02 CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-3844 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340 | Version: | 41 |
Platform(s): | Oracle Linux 5 | Product(s): | firefox |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22422 | |||
Oval ID: | oval:org.mitre.oval:def:22422 | ||
Title: | ELSA-2007:0981: thunderbird security update (Moderate) | ||
Description: | Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0981-02 CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-3844 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340 | Version: | 41 |
Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Mozilla File : nvt/sles9p5018527.nasl |
2009-05-05 | Name : HP-UX Update for Thunderbird HPSBUX02156 File : nvt/gb_hp_ux_HPSBUX02156.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-firefox MDKSA-2007:202 (mozilla-firefox) File : nvt/gb_mandriva_MDKSA_2007_202.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2007:047 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2007_047.nasl |
2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-535-1 File : nvt/gb_ubuntu_USN_535_1.nasl |
2009-03-23 | Name : Ubuntu Update for mozilla-thunderbird, thunderbird vulnerabilities USN-536-1 File : nvt/gb_ubuntu_USN_536_1.nasl |
2009-02-27 | Name : Fedora Update for seamonkey FEDORA-2007-2601 File : nvt/gb_fedora_2007_2601_seamonkey_fc7.nasl |
2009-02-27 | Name : Fedora Update for firefox FEDORA-2007-2664 File : nvt/gb_fedora_2007_2664_firefox_fc7.nasl |
2009-02-27 | Name : Fedora Update for seamonkey FEDORA-2007-2795 File : nvt/gb_fedora_2007_2795_seamonkey_fc8.nasl |
2009-02-27 | Name : Fedora Update for thunderbird FEDORA-2007-3414 File : nvt/gb_fedora_2007_3414_thunderbird_fc8.nasl |
2009-02-27 | Name : Fedora Update for thunderbird FEDORA-2007-3431 File : nvt/gb_fedora_2007_3431_thunderbird_fc7.nasl |
2009-01-28 | Name : SuSE Update for MozillaFirefox,mozilla,seamonkey SUSE-SA:2007:057 File : nvt/gb_suse_2007_057.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-14 (firefox seamonkey xulrunner) File : nvt/glsa_200711_14.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-24 (mozilla-thunderbird mozilla-thunderb... File : nvt/glsa_200711_24.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1396-1 (icedove) File : nvt/deb_1396_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1401-1 (iceape) File : nvt/deb_1401_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1391-1 (icedove) File : nvt/deb_1391_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1392-1 (xulrunner) File : nvt/deb_1392_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
38044 | Mozilla Multiple Products JavaScript Engine Multiple Unspecified Memory Corr... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2007-0981.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0980.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0979.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20071019_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071019_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071019_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-047.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-202.nasl - Type : ACT_GATHER_INFO |
2008-01-10 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-4874.nasl - Type : ACT_GATHER_INFO |
2007-12-20 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_15014.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-4811.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-4570.nasl - Type : ACT_GATHER_INFO |
2007-11-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-24.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_2009.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3431.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3414.nasl - Type : ACT_GATHER_INFO |
2007-11-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-14.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-535-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-536-1.nasl - Type : ACT_GATHER_INFO |
2007-11-07 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2795.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2664.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1401.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2601.nasl - Type : ACT_GATHER_INFO |
2007-10-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1396.nasl - Type : ACT_GATHER_INFO |
2007-10-26 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-4596.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2007-0981.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0980.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0979.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1392.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1391.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2007-0981.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-4594.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0980.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0979.nasl - Type : ACT_GATHER_INFO |
2007-10-24 | Name : A web browser on the remote host is prone to multiple flaws. File : seamonkey_115.nasl - Type : ACT_GATHER_INFO |
2007-10-24 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-4572.nasl - Type : ACT_GATHER_INFO |
2007-10-24 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-4574.nasl - Type : ACT_GATHER_INFO |
2007-10-19 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_2008.nasl - Type : ACT_GATHER_INFO |