Vulnerability Details : CVE-2007-0776
Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.
Vulnerability category: OverflowExecute code
Products affected by CVE-2007-0776
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-0776
30.18%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-0776
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2007-0776
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-0776
-
http://secunia.com/advisories/24457
Vendor Advisory
-
http://www.osvdb.org/32113
-
http://www.vupen.com/english/advisories/2008/0083
Webmail: access your OVH emails on ovhcloud.com | OVHcloudVendor Advisory
-
http://secunia.com/advisories/24293
Vendor Advisory
-
http://www.ubuntu.com/usn/usn-431-1
-
http://secunia.com/advisories/24389
Vendor Advisory
-
http://secunia.com/advisories/24456
Vendor Advisory
-
http://secunia.com/advisories/24205
Vendor Advisory
-
http://secunia.com/advisories/24410
Vendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=360645
Vendor Advisory
-
http://fedoranews.org/cms/node/2728
-
http://www.vupen.com/english/advisories/2007/0719
Vendor Advisory
-
http://fedoranews.org/cms/node/2747
-
http://www.mozilla.org/security/announce/2007/mfsa2007-01.html
Patch;Vendor Advisory
-
http://secunia.com/advisories/24522
Vendor Advisory
-
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
-
http://secunia.com/advisories/24320
Vendor Advisory
-
http://secunia.com/advisories/24252
Vendor Advisory
-
http://www.securityfocus.com/bid/22694
-
http://fedoranews.org/cms/node/2713
-
http://www.vupen.com/english/advisories/2007/0718
Vendor Advisory
-
http://www.kb.cert.org/vuls/id/551436
US Government Resource
-
http://security.gentoo.org/glsa/glsa-200703-18.xml
-
http://security.gentoo.org/glsa/glsa-200703-04.xml
Mozilla Firefox: Multiple vulnerabilities (GLSA 200703-04) — Gentoo security
-
http://secunia.com/advisories/24393
About Secunia Research | FlexeraVendor Advisory
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:052
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
-
http://www.securityfocus.com/archive/1/461336/100/0/threaded
-
http://secunia.com/advisories/24384
Vendor Advisory
-
http://www.ubuntu.com/usn/usn-428-1
-
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
SeaMonkey: Multiple vulnerabilities (GLSA 200703-08) — Gentoo security
-
http://secunia.com/advisories/24238
Vendor Advisory
-
http://secunia.com/advisories/24406
Vendor Advisory
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
-
https://issues.rpath.com/browse/RPL-1081
-
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
-
http://secunia.com/advisories/24437
About Secunia Research | FlexeraVendor Advisory
-
http://www.securityfocus.com/archive/1/461809/100/0/threaded
-
http://www.securitytracker.com/id?1017698
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
-
http://secunia.com/advisories/24333
Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/32698
-
http://fedoranews.org/cms/node/2749
-
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
-
http://secunia.com/advisories/24328
Vendor Advisory
-
http://secunia.com/advisories/24455
Vendor Advisory
Jump to