National Cyber Awareness System

Vulnerability Summary for CVE-2007-2867

Overview

Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA07-151A

Name: TA07-151A

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA07-151A.html

US-CERT Vulnerability Note: VU#751636

Name: VU#751636

Hyperlink:http://www.kb.cert.org/vuls/id/751636

External Source: CONFIRM

Name: http://www.mozilla.org/security/announce/2007/mfsa2007-12.html

Type: Patch Information

Hyperlink:http://www.mozilla.org/security/announce/2007/mfsa2007-12.html

External Source: VUPEN

Name: ADV-2008-0082

Hyperlink:http://www.vupen.com/english/advisories/2008/0082

External Source: VUPEN

Name: ADV-2007-3664

Hyperlink:http://www.vupen.com/english/advisories/2007/3664

External Source: VUPEN

Name: ADV-2007-1994

Hyperlink:http://www.vupen.com/english/advisories/2007/1994

External Source: OVAL

Name: oval:org.mitre.oval:def:10066

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10066

External Source: OSVDB

Name: 35134

Hyperlink:http://osvdb.org/35134

External Source: HP

Name: SSRT061236

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579

External Source: HP

Name: SSRT061181

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

External Source: CONFIRM

Name: https://issues.rpath.com/browse/RPL-1424

Hyperlink:https://issues.rpath.com/browse/RPL-1424

External Source: XF

Name: mozilla-layoutengine-dos(34604)

Hyperlink:http://xforce.iss.net/xforce/xfdb/34604

External Source: UBUNTU

Name: USN-469-1

Hyperlink:http://www.ubuntu.com/usn/usn-469-1

External Source: UBUNTU

Name: USN-468-1

Hyperlink:http://www.ubuntu.com/usn/usn-468-1

External Source: SECTRACK

Name: 1018153

Hyperlink:http://www.securitytracker.com/id?1018153

External Source: SECTRACK

Name: 1018151

Hyperlink:http://www.securitytracker.com/id?1018151

External Source: BID

Name: 24242

Hyperlink:http://www.securityfocus.com/bid/24242

External Source: BUGTRAQ

Name: 20070620 FLEA-2007-0027-1: thunderbird

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/471842/100/0/threaded

External Source: BUGTRAQ

Name: 20070531 FLEA-2007-0023-1: firefox

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/470172/100/200/threaded

External Source: REDHAT

Name: RHSA-2007:0402

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0402.html

External Source: REDHAT

Name: RHSA-2007:0401

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0401.html

External Source: REDHAT

Name: RHSA-2007:0400

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0400.html

External Source: SUSE

Name: SUSE-SA:2007:036

Hyperlink:http://www.novell.com/linux/security/advisories/2007_36_mozilla.html

External Source: MANDRIVA

Name: MDKSA-2007:131

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:131

External Source: MANDRIVA

Name: MDKSA-2007:126

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:126

External Source: MANDRIVA

Name: MDKSA-2007:120

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:120

External Source: MANDRIVA

Name: MDKSA-2007:119

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:119

External Source: DEBIAN

Name: DSA-1308

Hyperlink:http://www.debian.org/security/2007/dsa-1308

External Source: DEBIAN

Name: DSA-1306

Hyperlink:http://www.debian.org/security/2007/dsa-1306

External Source: DEBIAN

Name: DSA-1305

Hyperlink:http://www.debian.org/security/2007/dsa-1305

External Source: DEBIAN

Name: DSA-1300

Hyperlink:http://www.debian.org/security/2007/dsa-1300

External Source: SUNALERT

Name: 201532

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201532-1

External Source: SUNALERT

Name: 103136

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103136-1

External Source: SLACKWARE

Name: SSA:2007-152-02

Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857

External Source: SLACKWARE

Name: SSA:2007-066-04

Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947

External Source: GENTOO

Name: GLSA-200706-06

Hyperlink:http://security.gentoo.org/glsa/glsa-200706-06.xml

External Source: SECUNIA

Name: 28363

Hyperlink:http://secunia.com/advisories/28363

External Source: SECUNIA

Name: 27423

Hyperlink:http://secunia.com/advisories/27423

External Source: SECUNIA

Name: 25858

Hyperlink:http://secunia.com/advisories/25858

External Source: SECUNIA

Name: 25750

Hyperlink:http://secunia.com/advisories/25750

External Source: SECUNIA

Name: 25685

Hyperlink:http://secunia.com/advisories/25685

External Source: SECUNIA

Name: 25664

Hyperlink:http://secunia.com/advisories/25664

External Source: SECUNIA

Name: 25647

Hyperlink:http://secunia.com/advisories/25647

External Source: SECUNIA

Name: 25644

Hyperlink:http://secunia.com/advisories/25644

External Source: SECUNIA

Name: 25635

Hyperlink:http://secunia.com/advisories/25635

External Source: SECUNIA

Name: 25559

Hyperlink:http://secunia.com/advisories/25559

External Source: SECUNIA

Name: 25534

Hyperlink:http://secunia.com/advisories/25534

External Source: SECUNIA

Name: 25533

Hyperlink:http://secunia.com/advisories/25533

External Source: SECUNIA

Name: 25496

Hyperlink:http://secunia.com/advisories/25496

External Source: SECUNIA

Name: 25492

Hyperlink:http://secunia.com/advisories/25492

External Source: SECUNIA

Name: 25491

Hyperlink:http://secunia.com/advisories/25491

External Source: SECUNIA

Name: 25490

Hyperlink:http://secunia.com/advisories/25490

External Source: SECUNIA

Name: 25489

Hyperlink:http://secunia.com/advisories/25489

External Source: SECUNIA

Name: 25488

Hyperlink:http://secunia.com/advisories/25488

External Source: SECUNIA

Name: 25476

Hyperlink:http://secunia.com/advisories/25476

External Source: SECUNIA

Name: 25469

Hyperlink:http://secunia.com/advisories/25469

External Source: SECUNIA

Name: 24456

Hyperlink:http://secunia.com/advisories/24456

External Source: SECUNIA

Name: 24406

Hyperlink:http://secunia.com/advisories/24406

External Source: HP

Name: SSRT061236

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579

External Source: HP

Name: HPSBUX02153

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

External Source: FEDORA

Name: FEDORA-2007-309

Hyperlink:http://fedoranews.org/cms/node/2749

External Source: FEDORA

Name: FEDORA-2007-308

Hyperlink:http://fedoranews.org/cms/node/2747

References to Check Content

Identifier:oval:org.mitre.oval:def:10066

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10066