NVD

Id
52245  
Name
CVE-2007-0008  
Description
Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2007-02-26  
Modified Date
2014-05-04  
Seq
2007-0008  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
263639 52245 CVE-2007-0008 20070202-01-P  View
263640 52245 CVE-2007-0008 20070301-01-P  View
263641 52245 CVE-2007-0008 FEDORA-2007-278  View
263642 52245 CVE-2007-0008 FEDORA-2007-279  View
263643 52245 CVE-2007-0008 FEDORA-2007-281  View
263644 52245 CVE-2007-0008 FEDORA-2007-293  View
263645 52245 CVE-2007-0008 FEDORA-2007-308  View
263646 52245 CVE-2007-0008 FEDORA-2007-309  View
263647 52245 CVE-2007-0008 HPSBUX02153  View
263648 52245 CVE-2007-0008 20070223 Mozilla Network Security Services SSLv2 Client Integer Underflow Vulnerability  View
263649 52245 CVE-2007-0008 SUSE-SA:2007:019  View
263650 52245 CVE-2007-0008 oval:org.mitre.oval:def:10502  View
263651 52245 CVE-2007-0008 RHSA-2007:0077  View
263652 52245 CVE-2007-0008 GLSA-200703-18  View
263653 52245 CVE-2007-0008 SSA:2007-066-05  View
263654 52245 CVE-2007-0008 SSA:2007-066-04  View
263655 52245 CVE-2007-0008 SSA:2007-066-03  View
263656 52245 CVE-2007-0008 102856  View
263657 52245 CVE-2007-0008 102945  View
263658 52245 CVE-2007-0008 DSA-1336  View
263659 52245 CVE-2007-0008 GLSA-200703-22  View
263660 52245 CVE-2007-0008 VU#377812  View
263661 52245 CVE-2007-0008 MDKSA-2007:050  View
263662 52245 CVE-2007-0008 MDKSA-2007:052  View
263663 52245 CVE-2007-0008 http://www.mozilla.org/security/announce/2007/mfsa2007-06.html  View
263664 52245 CVE-2007-0008 SUSE-SA:2007:022  View
263665 52245 CVE-2007-0008 http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html  View
263666 52245 CVE-2007-0008 RHSA-2007:0078  View
263667 52245 CVE-2007-0008 RHSA-2007:0079  View
263668 52245 CVE-2007-0008 RHSA-2007:0097  View
263669 52245 CVE-2007-0008 RHSA-2007:0108  View
263670 52245 CVE-2007-0008 20070226 rPSA-2007-0040-1 firefox  View
263671 52245 CVE-2007-0008 20070303 rPSA-2007-0040-3 firefox thunderbird  View
263672 52245 CVE-2007-0008 22694  View
263673 52245 CVE-2007-0008 64758  View
263674 52245 CVE-2007-0008 1017696  View
263675 52245 CVE-2007-0008 USN-428-1  View
263676 52245 CVE-2007-0008 USN-431-1  View
263677 52245 CVE-2007-0008 ADV-2007-0718  View
263678 52245 CVE-2007-0008 ADV-2007-0719  View
263679 52245 CVE-2007-0008 ADV-2007-1165  View
263680 52245 CVE-2007-0008 ADV-2007-2141  View
263681 52245 CVE-2007-0008 nss-mastersecret-bo(32666)  View
263682 52245 CVE-2007-0008 https://bugzilla.mozilla.org/show_bug.cgi?id=364319  View
263683 52245 CVE-2007-0008 https://issues.rpath.com/browse/RPL-1081  View
263684 52245 CVE-2007-0008 https://issues.rpath.com/browse/RPL-1103  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
51519 JVNDB-2007-000181 Mozilla Network Security Services (NSS) における SSLv2 クライアントでの整数アンダーフローの脆弱性 Mozilla Network Security Services (NSS) ライブラリには、SSLv2 プロトコルの処理に不備が存在するため、マスターシークレットの暗号化のために使用される非常に小さな公開鍵を含む SSLv2 サーバメッセージを処理することで整数アンダーフローが発生する脆弱性が存在します。 CVE-2007-0008 23363 CVE-2007-0008 52245 6.8 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000181.html 2007-02-26 2007-08-01 View