VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Feb 26, 2007· Updated Apr 23, 2026

CVE-2007-0008

CVE-2007-0008

Description

Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.

Affected products

86
  • Mozilla Corporation/Firefox43 versions
    cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 42 more
    • cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=1.5.0.9
    • cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
  • Mozilla Corporation/Network Security Services3 versions
    cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*
  • Mozilla Corporation/Seamonkey8 versions
    cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*range: <=1.0.7
    • cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
  • Mozilla Corporation/Thunderbird32 versions
    cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*+ 31 more
    • cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*range: <=1.5.0.9
    • cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

74

News mentions

0

No linked articles in our index yet.