CVE-2007-2868

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption.

Múltiples vulnerabilidades en el motor de JavaScript para el Mozilla Firefox 1.5.x anterior al 1.5.0.12 y el 2.x anterior al 2.0.0.4, el Thunderbird 1.5.x anterior al 1.5.0.12 y el 2.x anterior al 2.0.0.4, y el SeaMonkey 1.0.9 y 1.1.2 permite a atacantes remotos provocar una denegación de servicio (caída) y, posiblemente, ejecutar código de su elección a través de vectores que disparan un agotamiento de memoria.

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-05-29 CVE Reserved
2007-06-01 CVE Published
2024-08-07 CVE Updated
2024-09-04 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-94: Improper Control of Generation of Code ('Code Injection')

CAPEC

References (62)

URL	Tag	Source
http://osvdb.org/35138	Vdb Entry
http://secunia.com/advisories/25858	Third Party Advisory
http://secunia.com/advisories/27427	Third Party Advisory
http://secunia.com/advisories/28363	Third Party Advisory
http://www.kb.cert.org/vuls/id/609956	Third Party Advisory
http://www.securityfocus.com/archive/1/470172/100/200/threaded	Mailing List
http://www.securityfocus.com/archive/1/471842/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/24242	Vdb Entry
http://www.securitytracker.com/id?1018151	Vdb Entry
http://www.securitytracker.com/id?1018152	Vdb Entry
http://www.securitytracker.com/id?1018153	Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA07-151A.html	Third Party Advisory
http://www.vupen.com/english/advisories/2007/1994	Vdb Entry
http://www.vupen.com/english/advisories/2007/3632	Vdb Entry
http://www.vupen.com/english/advisories/2008/0082	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/34605	Vdb Entry
https://issues.rpath.com/browse/RPL-1424	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10711	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://fedoranews.org/cms/node/2747	2018-10-16
http://fedoranews.org/cms/node/2749	2018-10-16
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	2018-10-16
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579	2018-10-16
http://secunia.com/advisories/24406	2018-10-16
http://secunia.com/advisories/24456	2018-10-16
http://secunia.com/advisories/25469	2018-10-16
http://secunia.com/advisories/25476	2018-10-16
http://secunia.com/advisories/25488	2018-10-16
http://secunia.com/advisories/25489	2018-10-16
http://secunia.com/advisories/25490	2018-10-16
http://secunia.com/advisories/25491	2018-10-16
http://secunia.com/advisories/25492	2018-10-16
http://secunia.com/advisories/25496	2018-10-16
http://secunia.com/advisories/25533	2018-10-16
http://secunia.com/advisories/25534	2018-10-16
http://secunia.com/advisories/25559	2018-10-16
http://secunia.com/advisories/25635	2018-10-16
http://secunia.com/advisories/25644	2018-10-16
http://secunia.com/advisories/25647	2018-10-16
http://secunia.com/advisories/25664	2018-10-16
http://secunia.com/advisories/25685	2018-10-16
http://secunia.com/advisories/25750	2018-10-16
http://security.gentoo.org/glsa/glsa-200706-06.xml	2018-10-16
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947	2018-10-16
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857	2018-10-16
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103125-1	2018-10-16
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201505-1	2018-10-16
http://www.debian.org/security/2007/dsa-1300	2018-10-16
http://www.debian.org/security/2007/dsa-1305	2018-10-16
http://www.debian.org/security/2007/dsa-1306	2018-10-16
http://www.debian.org/security/2007/dsa-1308	2018-10-16
http://www.mandriva.com/security/advisories?name=MDKSA-2007:119	2018-10-16
http://www.mandriva.com/security/advisories?name=MDKSA-2007:120	2018-10-16
http://www.mandriva.com/security/advisories?name=MDKSA-2007:131	2018-10-16
http://www.mozilla.org/security/announce/2007/mfsa2007-12.html	2018-10-16
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html	2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-0400.html	2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-0401.html	2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-0402.html	2018-10-16
http://www.ubuntu.com/usn/usn-468-1	2018-10-16
http://www.ubuntu.com/usn/usn-469-1	2018-10-16
https://access.redhat.com/security/cve/CVE-2007-2868	2007-05-31
https://bugzilla.redhat.com/show_bug.cgi?id=1618369	2007-05-31

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5 Search vendor "Mozilla" for product "Firefox" and version "1.5"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.1 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.1"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.2 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.2"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.3 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.3"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.4 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.4"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.5 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.5"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.6 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.6"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.7 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.7"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.8 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.8"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.9 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.9"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.10 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.10"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.11 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.11"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				2.0 Search vendor "Mozilla" for product "Firefox" and version "2.0"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				2.0.0.1 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.1"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				2.0.0.2 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.2"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				2.0.0.3 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.3"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0.9 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.9"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.1.2 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.2"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				1.5 Search vendor "Mozilla" for product "Thunderbird" and version "1.5"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				1.5.0.1 Search vendor "Mozilla" for product "Thunderbird" and version "1.5.0.1"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				1.5.0.2 Search vendor "Mozilla" for product "Thunderbird" and version "1.5.0.2"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				1.5.0.3 Search vendor "Mozilla" for product "Thunderbird" and version "1.5.0.3"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				1.5.0.4 Search vendor "Mozilla" for product "Thunderbird" and version "1.5.0.4"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				1.5.0.6 Search vendor "Mozilla" for product "Thunderbird" and version "1.5.0.6"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				1.5.0.7 Search vendor "Mozilla" for product "Thunderbird" and version "1.5.0.7"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				1.5.0.8 Search vendor "Mozilla" for product "Thunderbird" and version "1.5.0.8"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				1.5.0.9 Search vendor "Mozilla" for product "Thunderbird" and version "1.5.0.9"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				1.5.0.10 Search vendor "Mozilla" for product "Thunderbird" and version "1.5.0.10"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				1.5.0.11 Search vendor "Mozilla" for product "Thunderbird" and version "1.5.0.11"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				2.0.0.0 Search vendor "Mozilla" for product "Thunderbird" and version "2.0.0.0"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				2.0.0.1 Search vendor "Mozilla" for product "Thunderbird" and version "2.0.0.1"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				2.0.0.2 Search vendor "Mozilla" for product "Thunderbird" and version "2.0.0.2"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				2.0.0.3 Search vendor "Mozilla" for product "Thunderbird" and version "2.0.0.3"		-		Affected