Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-2868

Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption.

Published

2007-06-01T00:30:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mozilla	firefox	1.5	Yes
Application	mozilla	firefox	1.5.0.1	Yes
Application	mozilla	firefox	1.5.0.2	Yes
Application	mozilla	firefox	1.5.0.3	Yes
Application	mozilla	firefox	1.5.0.4	Yes
Application	mozilla	firefox	1.5.0.5	Yes
Application	mozilla	firefox	1.5.0.6	Yes
Application	mozilla	firefox	1.5.0.7	Yes
Application	mozilla	firefox	1.5.0.8	Yes
Application	mozilla	firefox	1.5.0.9	Yes
Application	mozilla	firefox	1.5.0.10	Yes
Application	mozilla	firefox	1.5.0.11	Yes
Application	mozilla	firefox	2.0	Yes
Application	mozilla	firefox	2.0.0.1	Yes
Application	mozilla	firefox	2.0.0.2	Yes
Application	mozilla	firefox	2.0.0.3	Yes
Application	mozilla	seamonkey	1.0.9	Yes
Application	mozilla	seamonkey	1.1.2	Yes
Application	mozilla	thunderbird	1.5	Yes
Application	mozilla	thunderbird	1.5.0.1	Yes
Application	mozilla	thunderbird	1.5.0.2	Yes
Application	mozilla	thunderbird	1.5.0.3	Yes
Application	mozilla	thunderbird	1.5.0.4	Yes
Application	mozilla	thunderbird	1.5.0.6	Yes
Application	mozilla	thunderbird	1.5.0.7	Yes
Application	mozilla	thunderbird	1.5.0.8	Yes
Application	mozilla	thunderbird	1.5.0.9	Yes
Application	mozilla	thunderbird	1.5.0.10	Yes
Application	mozilla	thunderbird	1.5.0.11	Yes
Application	mozilla	thunderbird	2.0.0.0	Yes
Application	mozilla	thunderbird	2.0.0.1	Yes
Application	mozilla	thunderbird	2.0.0.2	Yes
Application	mozilla	thunderbird	2.0.0.3	Yes

References

http://fedoranews.org/cms/node/2747 ([email protected])
http://fedoranews.org/cms/node/2749 ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 ([email protected])
http://osvdb.org/35138 ([email protected])
http://secunia.com/advisories/24406 Vendor Advisory ([email protected])
http://secunia.com/advisories/24456 Vendor Advisory ([email protected])
http://secunia.com/advisories/25469 Vendor Advisory ([email protected])
http://secunia.com/advisories/25476 Vendor Advisory ([email protected])
http://secunia.com/advisories/25488 Vendor Advisory ([email protected])
http://secunia.com/advisories/25489 Vendor Advisory ([email protected])
http://secunia.com/advisories/25490 Vendor Advisory ([email protected])
http://secunia.com/advisories/25491 Vendor Advisory ([email protected])
http://secunia.com/advisories/25492 Vendor Advisory ([email protected])
http://secunia.com/advisories/25496 Vendor Advisory ([email protected])
http://secunia.com/advisories/25533 Vendor Advisory ([email protected])
http://secunia.com/advisories/25534 Vendor Advisory ([email protected])
http://secunia.com/advisories/25559 Vendor Advisory ([email protected])
http://secunia.com/advisories/25635 Vendor Advisory ([email protected])
http://secunia.com/advisories/25644 Vendor Advisory ([email protected])
http://secunia.com/advisories/25647 Vendor Advisory ([email protected])
http://secunia.com/advisories/25664 Vendor Advisory ([email protected])
http://secunia.com/advisories/25685 Vendor Advisory ([email protected])
http://secunia.com/advisories/25750 Vendor Advisory ([email protected])
http://secunia.com/advisories/25858 ([email protected])
http://secunia.com/advisories/27427 ([email protected])
http://secunia.com/advisories/28363 ([email protected])
http://security.gentoo.org/glsa/glsa-200706-06.xml ([email protected])
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947 ([email protected])
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857 ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103125-1 ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201505-1 ([email protected])
http://www.debian.org/security/2007/dsa-1300 ([email protected])
http://www.debian.org/security/2007/dsa-1305 ([email protected])
http://www.debian.org/security/2007/dsa-1306 ([email protected])
http://www.debian.org/security/2007/dsa-1308 ([email protected])
http://www.kb.cert.org/vuls/id/609956 US Government Resource ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:119 ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:120 ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:131 ([email protected])
http://www.mozilla.org/security/announce/2007/mfsa2007-12.html Vendor Advisory ([email protected])
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0400.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0401.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0402.html ([email protected])
http://www.securityfocus.com/archive/1/470172/100/200/threaded ([email protected])
http://www.securityfocus.com/archive/1/471842/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/24242 ([email protected])
http://www.securitytracker.com/id?1018151 ([email protected])
http://www.securitytracker.com/id?1018152 ([email protected])
http://www.securitytracker.com/id?1018153 ([email protected])
http://www.ubuntu.com/usn/usn-468-1 ([email protected])
http://www.ubuntu.com/usn/usn-469-1 ([email protected])
http://www.us-cert.gov/cas/techalerts/TA07-151A.html US Government Resource ([email protected])
http://www.vupen.com/english/advisories/2007/1994 ([email protected])
http://www.vupen.com/english/advisories/2007/3632 ([email protected])
http://www.vupen.com/english/advisories/2008/0082 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/34605 ([email protected])
https://issues.rpath.com/browse/RPL-1424 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10711 ([email protected])
http://fedoranews.org/cms/node/2747 (af854a3a-2127-422b-91ae-364da2661108)
http://fedoranews.org/cms/node/2749 (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/35138 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24406 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24456 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25469 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25476 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25488 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25489 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25490 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25491 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25492 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25496 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25533 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25534 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25559 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25635 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25644 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25647 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25664 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25685 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25750 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25858 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27427 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28363 (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200706-06.xml (af854a3a-2127-422b-91ae-364da2661108)
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947 (af854a3a-2127-422b-91ae-364da2661108)
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857 (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103125-1 (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201505-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1300 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1305 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1306 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1308 (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/609956 US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:119 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:120 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:131 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mozilla.org/security/announce/2007/mfsa2007-12.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0400.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0401.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0402.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/470172/100/200/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/471842/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/24242 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1018151 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1018152 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1018153 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-468-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-469-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA07-151A.html US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/1994 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/3632 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/0082 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34605 (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-1424 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10711 (af854a3a-2127-422b-91ae-364da2661108)