CVE-2007-2867: Buffer Overflow
First published: Fri Jun 01 2007(Updated: )
Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Thunderbird | =1.5.0.7 | |
| Mozilla SeaMonkey | =1.0.3 | |
| Firefox | =1.5.2 | |
| Firefox | =1.5.0.6 | |
| Mozilla SeaMonkey | =1.0.9 | |
| Firefox | =2.0.0.2 | |
| Firefox | =1.5.0.10 | |
| Firefox | =1.5.0.3 | |
| Firefox | =1.5.0.11 | |
| Firefox | =1.5.4 | |
| Firefox | =1.5 | |
| Thunderbird | =1.5.0.3 | |
| Thunderbird | =1.5.0.10 | |
| Thunderbird | =1.5.0.6 | |
| Thunderbird | =2.0.0.3 | |
| Firefox | =1.5.6 | |
| Thunderbird | =2.0.0.2 | |
| Mozilla SeaMonkey | =1.1.2 | |
| Thunderbird | =2.0.0.0 | |
| Firefox | =1.5.0.7 | |
| Firefox | =2.0 | |
| Thunderbird | =1.5 | |
| Thunderbird | =1.5.0.2 | |
| Thunderbird | =1.5.0.8 | |
| Firefox | =1.5.0.8 | |
| Firefox | =2.0.0.3 | |
| Thunderbird | =1.5.2 | |
| Firefox | =1.5.0.9 | |
| Firefox | =1.5.0.5 | |
| Firefox | =1.5.7 | |
| Thunderbird | =1.5.0.9 | |
| Thunderbird | =1.5.0.11 | |
| Firefox | =1.5.0.2 | |
| Firefox | =1.5.1 | |
| Thunderbird | =1.5.1 | |
| Firefox | =2.0.0.1 | |
| Mozilla SeaMonkey | =1.0.4 | |
| Firefox | =1.5.5 | |
| Thunderbird | =2.0.0.1 | |
| Thunderbird | =1.5.0.1 | |
| Firefox | =1.5.8 | |
| Firefox | =1.5.3 | |
| Firefox | =1.5.0.4 | |
| Firefox | =1.5.0.1 | |
| Thunderbird | =1.5.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/2007/mfsa2007-12.html
- https://issues.rpath.com/browse/RPL-1424
- http://www.debian.org/security/2007/dsa-1300
- http://www.debian.org/security/2007/dsa-1306
- http://www.debian.org/security/2007/dsa-1308
- http://www.debian.org/security/2007/dsa-1305
- http://fedoranews.org/cms/node/2747
- http://fedoranews.org/cms/node/2749
- http://security.gentoo.org/glsa/glsa-200706-06.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:119
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:120
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:131
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:126
- http://www.redhat.com/support/errata/RHSA-2007-0400.html
- http://www.redhat.com/support/errata/RHSA-2007-0401.html
- http://www.redhat.com/support/errata/RHSA-2007-0402.html
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103136-1
- http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
- http://www.ubuntu.com/usn/usn-468-1
- http://www.ubuntu.com/usn/usn-469-1
- http://www.us-cert.gov/cas/techalerts/TA07-151A.html
- http://www.kb.cert.org/vuls/id/751636
- http://www.securityfocus.com/bid/24242
- http://www.securitytracker.com/id?1018151
- http://www.securitytracker.com/id?1018153
- http://secunia.com/advisories/25476
- http://secunia.com/advisories/25533
- http://secunia.com/advisories/25496
- http://secunia.com/advisories/25559
- http://secunia.com/advisories/25635
- http://secunia.com/advisories/25644
- http://secunia.com/advisories/25647
- http://secunia.com/advisories/25685
- http://secunia.com/advisories/24406
- http://secunia.com/advisories/24456
- http://secunia.com/advisories/25534
- http://secunia.com/advisories/25664
- http://secunia.com/advisories/25469
- http://secunia.com/advisories/25488
- http://secunia.com/advisories/25489
- http://secunia.com/advisories/25490
- http://secunia.com/advisories/25491
- http://secunia.com/advisories/25492
- http://secunia.com/advisories/25750
- http://secunia.com/advisories/25858
- http://secunia.com/advisories/27423
- http://secunia.com/advisories/28363
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201532-1
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
- http://www.vupen.com/english/advisories/2007/3664
- http://www.vupen.com/english/advisories/2008/0082
- http://www.vupen.com/english/advisories/2007/1994
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://osvdb.org/35134
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34604
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10066
- http://www.securityfocus.com/archive/1/471842/100/0/threaded
- http://www.securityfocus.com/archive/1/470172/100/200/threaded
Frequently Asked Questions
What is the severity of CVE-2007-2867?
CVE-2007-2867 has been classified as a critical vulnerability that allows for potential denial of service by causing application crashes.
How do I fix CVE-2007-2867?
To mitigate CVE-2007-2867, upgrade affected applications like Mozilla Firefox, Thunderbird, and SeaMonkey to their respective patched versions.
Which versions are affected by CVE-2007-2867?
CVE-2007-2867 affects Mozilla Firefox versions prior to 1.5.0.12 and 2.0.0.4, Thunderbird before 1.5.0.12 and 2.0.0.4, and SeaMonkey versions 1.0.9 and 1.1.2.
What are common symptoms of CVE-2007-2867 exploitation?
Exploitation of CVE-2007-2867 typically leads to application crashes and can disrupt user workflows.
Is CVE-2007-2867 being actively exploited in the wild?
There have been indications that CVE-2007-2867 could be exploited, making it essential to ensure systems are updated to prevent potential attacks.
- agent/references
- agent/type
- agent/remedy
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/thunderbird
- version/thunderbird/1.5.0.7
- canonical/mozilla seamonkey
- version/mozilla seamonkey/1.0.3
- canonical/firefox
- version/firefox/1.5.2
- version/firefox/1.5.0.6
- version/mozilla seamonkey/1.0.9
- version/firefox/2.0.0.2
- version/firefox/1.5.0.10
- version/firefox/1.5.0.3
- version/firefox/1.5.0.11
- version/firefox/1.5.4
- version/firefox/1.5
- version/thunderbird/1.5.0.3
- version/thunderbird/1.5.0.10
- version/thunderbird/1.5.0.6
- version/thunderbird/2.0.0.3
- version/firefox/1.5.6
- version/thunderbird/2.0.0.2
- version/mozilla seamonkey/1.1.2
- version/thunderbird/2.0.0.0
- version/firefox/1.5.0.7
- version/firefox/2.0
- version/thunderbird/1.5
- version/thunderbird/1.5.0.2
- version/thunderbird/1.5.0.8
- version/firefox/1.5.0.8
- version/firefox/2.0.0.3
- version/thunderbird/1.5.2
- version/firefox/1.5.0.9
- version/firefox/1.5.0.5
- version/firefox/1.5.7
- version/thunderbird/1.5.0.9
- version/thunderbird/1.5.0.11
- version/firefox/1.5.0.2
- version/firefox/1.5.1
- version/thunderbird/1.5.1
- version/firefox/2.0.0.1
- version/mozilla seamonkey/1.0.4
- version/firefox/1.5.5
- version/thunderbird/2.0.0.1
- version/thunderbird/1.5.0.1
- version/firefox/1.5.8
- version/firefox/1.5.3
- version/firefox/1.5.0.4
- version/firefox/1.5.0.1
- version/thunderbird/1.5.0.4