Vulnerability Details: CVE-2007-2868
Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption.
Vulnerability category: Memory Corruption, Execute code, Denial of service
Products affected by CVE-2007-2868
- cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-2868
- Probability of exploitation activity in the next 30 days: 91.93%
- Percentile (the proportion of vulnerabilities scored at or below this one): ~99%
CVSS scores for CVE-2007-2868
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2007-2868
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-2868
- http://www.redhat.com/support/errata/RHSA-2007-0401.html
- http://www.ubuntu.com/usn/usn-468-1
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:131
- http://www.redhat.com/support/errata/RHSA-2007-0400.html
- http://www.redhat.com/support/errata/RHSA-2007-0402.html
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857 (The Slackware Linux Project: Slackware Security Advisories)
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201505-1
- http://www.securitytracker.com/id?1018152
- http://www.vupen.com/english/advisories/2008/0082
- http://www.securityfocus.com/archive/1/471842/100/0/threaded
- http://fedoranews.org/cms/node/2747
- http://www.vupen.com/english/advisories/2007/3632
- http://www.securityfocus.com/bid/24242
- http://www.debian.org/security/2007/dsa-1306
- http://www.ubuntu.com/usn/usn-469-1 (USN-469-1: Thunderbird vulnerabilities | Ubuntu security notices | Ubuntu)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10711
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34605
- http://www.securityfocus.com/archive/1/470172/100/200/threaded
- http://www.securitytracker.com/id?1018153
- http://www.debian.org/security/2007/dsa-1305 ([SECURITY] [DSA 1305-1] New icedove packages fix several vulnerabilities)
- http://www.debian.org/security/2007/dsa-1300 ([SECURITY] [DSA 1300-1] New iceape packages fix several vulnerabilities)
- http://www.debian.org/security/2007/dsa-1308
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:119
- http://www.securitytracker.com/id?1018151
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
- http://www.vupen.com/english/advisories/2007/1994
- http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:120
- http://www.mozilla.org/security/announce/2007/mfsa2007-12.html (Vendor Advisory)
- http://www.kb.cert.org/vuls/id/609956 (US Government Resource)
- http://fedoranews.org/cms/node/2749
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://security.gentoo.org/glsa/glsa-200706-06.xml (Mozilla products: Multiple vulnerabilities (GLSA 200706-06) — Gentoo security)
- http://www.us-cert.gov/cas/techalerts/TA07-151A.html (US Government Resource)
- https://issues.rpath.com/browse/RPL-1424
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103125-1