National Cyber Awareness System

Vulnerability Summary for CVE-2007-1282

Overview

Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: REDHAT

Name: RHSA-2007:0078

Type: Patch Information

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0078.html

External Source: CONFIRM

Name: http://www.mozilla.org/security/announce/2007/mfsa2007-10.html

Type: Patch Information

Hyperlink:http://www.mozilla.org/security/announce/2007/mfsa2007-10.html

External Source: MISC

Name: https://bugzilla.mozilla.org/show_bug.cgi?id=362735

Hyperlink:https://bugzilla.mozilla.org/show_bug.cgi?id=362735

External Source: XF

Name: mozilla-email-messages-overflow(32810)

Hyperlink:http://xforce.iss.net/xforce/xfdb/32810

External Source: VUPEN

Name: ADV-2007-0824

Hyperlink:http://www.vupen.com/english/advisories/2007/0824

External Source: BID

Name: 22845

Hyperlink:http://www.securityfocus.com/bid/22845

External Source: REDHAT

Name: RHSA-2007:0108

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0108.html

External Source: GENTOO

Name: GLSA-200703-18

Hyperlink:http://security.gentoo.org/glsa/glsa-200703-18.xml

External Source: SECUNIA

Name: 24522

Hyperlink:http://secunia.com/advisories/24522

External Source: OVAL

Name: oval:org.mitre.oval:def:11313

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11313

External Source: OSVDB

Name: 33810

Hyperlink:http://osvdb.org/33810

External Source: SGI

Name: 20070202-01-P

Hyperlink:ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

External Source: DEBIAN

Name: DSA-1336

Hyperlink:http://www.debian.org/security/2007/dsa-1336

External Source: SLACKWARE

Name: SSA:2007-066-04

Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947

External Source: SLACKWARE

Name: SSA:2007-066-05

Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

External Source: SECUNIA

Name: 25588

Hyperlink:http://secunia.com/advisories/25588

External Source: SECUNIA

Name: 24457

Hyperlink:http://secunia.com/advisories/24457

External Source: SECUNIA

Name: 24456

Hyperlink:http://secunia.com/advisories/24456

External Source: SECUNIA

Name: 24406

Hyperlink:http://secunia.com/advisories/24406

External Source: FEDORA

Name: FEDORA-2007-309

Hyperlink:http://fedoranews.org/cms/node/2749

External Source: FEDORA

Name: FEDORA-2007-308

Hyperlink:http://fedoranews.org/cms/node/2747

References to Check Content

Identifier:oval:org.mitre.oval:def:11313

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11313