9.3
CVE-2007-0776
- EPSS 6.74%
- Veröffentlicht 26.02.2007 19:28:00
- Zuletzt bearbeitet 16.06.2026 22:36:15
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.74% | 0.931 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://www.vupen.com/english/advisories/2008/0083
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://fedoranews.org/cms/node/2713
http://fedoranews.org/cms/node/2728
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
http://secunia.com/advisories/24205
http://secunia.com/advisories/24238
http://secunia.com/advisories/24293
http://secunia.com/advisories/24320
http://secunia.com/advisories/24328
http://secunia.com/advisories/24333
http://secunia.com/advisories/24384
http://secunia.com/advisories/24393
http://secunia.com/advisories/24437
http://secunia.com/advisories/24457
http://security.gentoo.org/glsa/glsa-200703-04.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
http://www.securityfocus.com/archive/1/461336/100/0/threaded
http://www.securityfocus.com/archive/1/461809/100/0/threaded
http://www.securityfocus.com/bid/22694
http://www.ubuntu.com/usn/usn-428-1
http://www.vupen.com/english/advisories/2007/0718
https://issues.rpath.com/browse/RPL-1081
http://secunia.com/advisories/24455
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
http://fedoranews.org/cms/node/2747
http://fedoranews.org/cms/node/2749
http://secunia.com/advisories/24252
http://secunia.com/advisories/24389
http://secunia.com/advisories/24406
http://secunia.com/advisories/24410
http://secunia.com/advisories/24456
http://secunia.com/advisories/24522
http://security.gentoo.org/glsa/glsa-200703-18.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
http://www.mandriva.com/security/advisories?name=MDKSA-2007:052
http://www.mozilla.org/security/announce/2007/mfsa2007-01.html
http://www.securitytracker.com/id?1017698
http://www.ubuntu.com/usn/usn-431-1
http://www.vupen.com/english/advisories/2007/0719
http://www.kb.cert.org/vuls/id/551436
http://www.osvdb.org/32113
https://bugzilla.mozilla.org/show_bug.cgi?id=360645
https://exchange.xforce.ibmcloud.com/vulnerabilities/32698