Unrated severityNVD Advisory· Published Feb 26, 2007· Updated Apr 23, 2026
CVE-2007-0009
CVE-2007-0009
Description
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.
Affected products
9- cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*Range: <3.11.5
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
66- rhn.redhat.com/errata/RHSA-2007-0077.htmlnvdThird Party Advisory
- secunia.com/advisories/24253nvdThird Party Advisory
- secunia.com/advisories/24277nvdThird Party Advisory
- secunia.com/advisories/24287nvdThird Party Advisory
- secunia.com/advisories/24290nvdThird Party Advisory
- secunia.com/advisories/24293nvdThird Party Advisory
- secunia.com/advisories/24333nvdThird Party Advisory
- secunia.com/advisories/24342nvdThird Party Advisory
- secunia.com/advisories/24343nvdThird Party Advisory
- secunia.com/advisories/24384nvdThird Party Advisory
- secunia.com/advisories/24389nvdThird Party Advisory
- secunia.com/advisories/24395nvdThird Party Advisory
- secunia.com/advisories/24406nvdThird Party Advisory
- secunia.com/advisories/24410nvdThird Party Advisory
- secunia.com/advisories/24455nvdThird Party Advisory
- secunia.com/advisories/24456nvdThird Party Advisory
- secunia.com/advisories/24457nvdThird Party Advisory
- secunia.com/advisories/24522nvdThird Party Advisory
- secunia.com/advisories/24562nvdThird Party Advisory
- secunia.com/advisories/24650nvdThird Party Advisory
- secunia.com/advisories/24703nvdThird Party Advisory
- secunia.com/advisories/25588nvdThird Party Advisory
- secunia.com/advisories/25597nvdThird Party Advisory
- security.gentoo.org/glsa/glsa-200703-18.xmlnvdThird Party Advisory
- slackware.com/security/viewer.phpnvdMailing ListThird Party Advisory
- slackware.com/security/viewer.phpnvdMailing ListThird Party Advisory
- slackware.com/security/viewer.phpnvdMailing ListThird Party Advisory
- www.debian.org/security/2007/dsa-1336nvdThird Party Advisory
- www.gentoo.org/security/en/glsa/glsa-200703-22.xmlnvdThird Party Advisory
- www.kb.cert.org/vuls/id/592796nvdThird Party AdvisoryUS Government Resource
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.mozilla.org/security/announce/2007/mfsa2007-06.htmlnvdVendor Advisory
- www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2007-0078.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2007-0079.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2007-0097.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2007-0108.htmlnvdThird Party Advisory
- www.securityfocus.com/archive/1/461336/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/461809/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/64758nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/usn-428-1nvdThird Party Advisory
- www.ubuntu.com/usn/usn-431-1nvdThird Party Advisory
- www.vupen.com/english/advisories/2007/0718nvdThird Party Advisory
- www.vupen.com/english/advisories/2007/0719nvdThird Party Advisory
- www.vupen.com/english/advisories/2007/1165nvdThird Party Advisory
- www.vupen.com/english/advisories/2007/2141nvdThird Party Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/32663nvdThird Party AdvisoryVDB Entry
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174nvdThird Party Advisory
- patches.sgi.com/support/free/security/advisories/20070202-01-P.ascnvdBroken Link
- patches.sgi.com/support/free/security/advisories/20070301-01-P.ascnvdBroken Link
- fedoranews.org/cms/node/2709nvdBroken Link
- fedoranews.org/cms/node/2711nvdBroken Link
- fedoranews.org/cms/node/2747nvdBroken Link
- fedoranews.org/cms/node/2749nvdBroken Link
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvdBroken Link
- labs.idefense.com/intelligence/vulnerabilities/display.phpnvdBroken Link
- lists.suse.com/archive/suse-security-announce/2007-Mar/0001.htmlnvdBroken Link
- sunsolve.sun.com/search/document.donvdBroken Link
- sunsolve.sun.com/search/document.donvdBroken Link
- www.novell.com/linux/security/advisories/2007_22_mozilla.htmlnvdBroken Link
- www.osvdb.org/32106nvdBroken Link
- issues.rpath.com/browse/RPL-1081nvdBroken Link
- issues.rpath.com/browse/RPL-1103nvdBroken Link
News mentions
0No linked articles in our index yet.