9.3

CVE-2007-0776

Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version <= 2.0.0.1
MozillaSeamonkey Version <= 1.0.7
MozillaThunderbird Version <= 1.5.0.9
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.74% 0.931
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.vupen.com/english/advisories/2008/0083
Vendor Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://fedoranews.org/cms/node/2713
http://fedoranews.org/cms/node/2728
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
http://secunia.com/advisories/24205
Vendor Advisory
http://secunia.com/advisories/24238
Vendor Advisory
http://secunia.com/advisories/24293
Vendor Advisory
http://secunia.com/advisories/24320
Vendor Advisory
http://secunia.com/advisories/24328
Vendor Advisory
http://secunia.com/advisories/24333
Vendor Advisory
http://secunia.com/advisories/24384
Vendor Advisory
http://secunia.com/advisories/24393
Vendor Advisory
http://secunia.com/advisories/24437
Vendor Advisory
http://secunia.com/advisories/24457
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200703-04.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
http://www.securityfocus.com/archive/1/461336/100/0/threaded
http://www.securityfocus.com/archive/1/461809/100/0/threaded
http://www.securityfocus.com/bid/22694
http://www.ubuntu.com/usn/usn-428-1
http://www.vupen.com/english/advisories/2007/0718
Vendor Advisory
https://issues.rpath.com/browse/RPL-1081
http://secunia.com/advisories/24455
Vendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
http://fedoranews.org/cms/node/2747
http://fedoranews.org/cms/node/2749
http://secunia.com/advisories/24252
Vendor Advisory
http://secunia.com/advisories/24389
Vendor Advisory
http://secunia.com/advisories/24406
Vendor Advisory
http://secunia.com/advisories/24410
Vendor Advisory
http://secunia.com/advisories/24456
Vendor Advisory
http://secunia.com/advisories/24522
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200703-18.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
http://www.mandriva.com/security/advisories?name=MDKSA-2007:052
http://www.mozilla.org/security/announce/2007/mfsa2007-01.html
Patch
Vendor Advisory
http://www.securitytracker.com/id?1017698
http://www.ubuntu.com/usn/usn-431-1
http://www.vupen.com/english/advisories/2007/0719
Vendor Advisory
http://www.kb.cert.org/vuls/id/551436
US Government Resource
http://www.osvdb.org/32113
https://bugzilla.mozilla.org/show_bug.cgi?id=360645
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/32698