Rapid7 Vulnerability & Exploit Database

MFSA2007-06 Firefox: Mozilla Network Security Services (NSS) SSLv2 buffer overflow (CVE-2007-0009)

Back to Search

MFSA2007-06 Firefox: Mozilla Network Security Services (NSS) SSLv2 buffer overflow (CVE-2007-0009)

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

02/26/2007

Created

07/25/2018

Added

06/14/2012

Modified

05/27/2016

Description

Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.

Solution(s)

mozilla-firefox-upgrade-1_5_0_10
mozilla-firefox-upgrade-2_0_0_2

References

https://attackerkb.com/topics/cve-2007-0009
64758
592796
CVE - 2007-0009
DSA-1336
OVAL10174
RHSA-2007:0077
RHSA-2007:0078
RHSA-2007:0079
RHSA-2007:0097
RHSA-2007:0108
20070202-01-P
20070301-01-P
SUSE-SA:2007:019
SUSE-SA:2007:022
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
32663

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

MFSA2007-06 Firefox: Mozilla Network Security Services (NSS) SSLv2 buffer overflow (CVE-2007-0009)