CVE-2007-2868: Code Injection
First published: Fri Jun 01 2007(Updated: )
Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Thunderbird | =1.5.0.7 | |
| Firefox | =1.5.0.6 | |
| Mozilla SeaMonkey | =1.0.9 | |
| Firefox | =2.0.0.2 | |
| Firefox | =1.5.0.10 | |
| Firefox | =1.5.0.3 | |
| Firefox | =1.5.0.11 | |
| Firefox | =1.5 | |
| Thunderbird | =1.5.0.3 | |
| Thunderbird | =1.5.0.10 | |
| Thunderbird | =1.5.0.6 | |
| Thunderbird | =2.0.0.3 | |
| Thunderbird | =2.0.0.2 | |
| Mozilla SeaMonkey | =1.1.2 | |
| Thunderbird | =2.0.0.0 | |
| Firefox | =1.5.0.7 | |
| Firefox | =2.0 | |
| Thunderbird | =1.5 | |
| Thunderbird | =1.5.0.2 | |
| Thunderbird | =1.5.0.8 | |
| Firefox | =1.5.0.8 | |
| Firefox | =2.0.0.3 | |
| Firefox | =1.5.0.9 | |
| Firefox | =1.5.0.5 | |
| Thunderbird | =1.5.0.9 | |
| Thunderbird | =1.5.0.11 | |
| Firefox | =1.5.0.2 | |
| Firefox | =2.0.0.1 | |
| Thunderbird | =2.0.0.1 | |
| Thunderbird | =1.5.0.1 | |
| Firefox | =1.5.0.4 | |
| Firefox | =1.5.0.1 | |
| Thunderbird | =1.5.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/2007/mfsa2007-12.html
- https://issues.rpath.com/browse/RPL-1424
- http://www.debian.org/security/2007/dsa-1300
- http://www.debian.org/security/2007/dsa-1306
- http://www.debian.org/security/2007/dsa-1308
- http://www.debian.org/security/2007/dsa-1305
- http://fedoranews.org/cms/node/2747
- http://fedoranews.org/cms/node/2749
- http://security.gentoo.org/glsa/glsa-200706-06.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:119
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:120
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:131
- http://www.redhat.com/support/errata/RHSA-2007-0400.html
- http://www.redhat.com/support/errata/RHSA-2007-0401.html
- http://www.redhat.com/support/errata/RHSA-2007-0402.html
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103125-1
- http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
- http://www.ubuntu.com/usn/usn-468-1
- http://www.ubuntu.com/usn/usn-469-1
- http://www.us-cert.gov/cas/techalerts/TA07-151A.html
- http://www.kb.cert.org/vuls/id/609956
- http://www.securityfocus.com/bid/24242
- http://www.securitytracker.com/id?1018151
- http://www.securitytracker.com/id?1018152
- http://www.securitytracker.com/id?1018153
- http://secunia.com/advisories/25476
- http://secunia.com/advisories/25533
- http://secunia.com/advisories/25496
- http://secunia.com/advisories/25559
- http://secunia.com/advisories/25635
- http://secunia.com/advisories/25644
- http://secunia.com/advisories/25647
- http://secunia.com/advisories/25685
- http://secunia.com/advisories/24406
- http://secunia.com/advisories/24456
- http://secunia.com/advisories/25534
- http://secunia.com/advisories/25664
- http://secunia.com/advisories/25469
- http://secunia.com/advisories/25488
- http://secunia.com/advisories/25489
- http://secunia.com/advisories/25490
- http://secunia.com/advisories/25491
- http://secunia.com/advisories/25492
- http://secunia.com/advisories/25750
- http://secunia.com/advisories/25858
- http://secunia.com/advisories/27427
- http://secunia.com/advisories/28363
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201505-1
- http://www.vupen.com/english/advisories/2007/3632
- http://www.vupen.com/english/advisories/2008/0082
- http://www.vupen.com/english/advisories/2007/1994
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://osvdb.org/35138
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34605
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10711
- http://www.securityfocus.com/archive/1/471842/100/0/threaded
- http://www.securityfocus.com/archive/1/470172/100/200/threaded
Frequently Asked Questions
What is the severity of CVE-2007-2868?
CVE-2007-2868 has a high severity rating due to its potential to cause denial of service and arbitrary code execution.
How do I fix CVE-2007-2868?
To fix CVE-2007-2868, update your Mozilla Firefox, Thunderbird, or SeaMonkey to the latest version as recommended by Mozilla.
Which software is affected by CVE-2007-2868?
CVE-2007-2868 affects various versions of Mozilla Firefox, Thunderbird, and SeaMonkey prior to their respective updates.
What types of attacks are possible with CVE-2007-2868?
CVE-2007-2868 allows remote attackers to execute arbitrary code and cause applications to crash.
Is CVE-2007-2868 still a risk if my software is updated?
No, if your software is updated to the latest version that addresses CVE-2007-2868, the risk is mitigated.
- agent/references
- agent/type
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/thunderbird
- version/thunderbird/1.5.0.7
- canonical/firefox
- version/firefox/1.5.0.6
- canonical/mozilla seamonkey
- version/mozilla seamonkey/1.0.9
- version/firefox/2.0.0.2
- version/firefox/1.5.0.10
- version/firefox/1.5.0.3
- version/firefox/1.5.0.11
- version/firefox/1.5
- version/thunderbird/1.5.0.3
- version/thunderbird/1.5.0.10
- version/thunderbird/1.5.0.6
- version/thunderbird/2.0.0.3
- version/thunderbird/2.0.0.2
- version/mozilla seamonkey/1.1.2
- version/thunderbird/2.0.0.0
- version/firefox/1.5.0.7
- version/firefox/2.0
- version/thunderbird/1.5
- version/thunderbird/1.5.0.2
- version/thunderbird/1.5.0.8
- version/firefox/1.5.0.8
- version/firefox/2.0.0.3
- version/firefox/1.5.0.9
- version/firefox/1.5.0.5
- version/thunderbird/1.5.0.9
- version/thunderbird/1.5.0.11
- version/firefox/1.5.0.2
- version/firefox/2.0.0.1
- version/thunderbird/2.0.0.1
- version/thunderbird/1.5.0.1
- version/firefox/1.5.0.4
- version/firefox/1.5.0.1
- version/thunderbird/1.5.0.4