CVE-2007-0008

Advisory lineage Upstream: 0 Downstream: 8
Deferred
Published: 26 Feb 2007, 20:00
Last modified:07 Aug 2024, 12:03

Vulnerability Summary

Overall Risk (default)
medium
31/100
CVSS Score
6.8 MEDIUM
v2.0 (nvd)
EPSS Score
17.41% MEDIUM
17% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

26 Feb 2007, 20:00
Published
Vulnerability first disclosed
07 Aug 2024, 12:03
Last Modified
Vulnerability information updated

Description

Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.

CVSS Metrics

  • v2.0MEDIUMScore: 6.8AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 17.41% Percentile: 95%

Techniques & Countermeasures

  • CWE-189Numeric Errors

    Weaknesses in this category are related to improper calculation or conversion of numbers.

Affected Systems

  • UnknownFirefox

    ≤ 1.5.0.9 | 0.1 | 0.2 | 0.3 | 0.4 | 0.5 | 0.6 | 0.6.1 | 0.7 | 0.7.1 | 0.8 | 0.9 | 0.9:rc | 0.9.1 | 0.9.2 | 0.9.3 | 0.10 | 0.10.1 | 1.0 | 1.0:preview_release | 1.0.1 | 1.0.2 | 1.0.3 | 1.0.4 | 1.0.5 | 1.0.6 | 1.0.7 | 1.0.8 | 1.4.1 | 1.5 | 1.5.0.1 | 1.5.0.2 | 1.5.0.3 | 1.5.0.4 | 1.5.0.5 | 1.5.0.6 | 1.5.0.7 | 1.5.0.8 | 1.5.0.10 | 1.5.0.11 | 1.5.0.12 | 2.0 | 2.0.0.1

  • mozillanetwork security services

    3.11.2 | 3.11.3 | 3.11.4

  • mozillaseamonkey

    ≤ 1.0.7 | 1.0 | 1.0.1 | 1.0.2 | 1.0.3 | 1.0.4 | 1.0.5 | 1.0.6

  • mozillathunderbird

    ≤ 1.5.0.9 | 0.1 | 0.2 | 0.3 | 0.4 | 0.5 | 0.6 | 0.7 | 0.7.1 | 0.7.2 | 0.7.3 | 0.8 | 0.9 | 1.0 | 1.0.1 | 1.0.2 | 1.0.3 | 1.0.4 | 1.0.5 | 1.0.6 | 1.0.7 | 1.0.8 | 1.5 | 1.5:beta2 | 1.5.0.1 | 1.5.0.2 | 1.5.0.3 | 1.5.0.4 | 1.5.0.5 | 1.5.0.6 | 1.5.0.7 | 1.5.0.8

References (74)