CVE-2007-5340

Severity Score

6.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption.

Múltiples vulnerabilidades en el motor de Javascript del Mozilla Firefox anterior al 2.0.0.8, del Thunderbird anterior al 2.0.0.8, y del SeaMonkey anterior al 1.1.5 permiten a atacantes remotos provocar una denegación de servicio (caída) a través de HTML modificado que dispara una corrupción de memoria.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-10-10 CVE Reserved
2007-10-21 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (73)

URL	Tag	Source
http://bugs.gentoo.org/show_bug.cgi?id=196481	X_refsource_confirm
http://secunia.com/advisories/27276	Third Party Advisory
http://secunia.com/advisories/27298	Third Party Advisory
http://secunia.com/advisories/27311	Third Party Advisory
http://secunia.com/advisories/27313	Third Party Advisory
http://secunia.com/advisories/27315	Third Party Advisory
http://secunia.com/advisories/27325	Third Party Advisory
http://secunia.com/advisories/27326	Third Party Advisory
http://secunia.com/advisories/27327	Third Party Advisory
http://secunia.com/advisories/27335	Third Party Advisory
http://secunia.com/advisories/27336	Third Party Advisory
http://secunia.com/advisories/27356	Third Party Advisory
http://secunia.com/advisories/27360	Third Party Advisory
http://secunia.com/advisories/27383	Third Party Advisory
http://secunia.com/advisories/27387	Third Party Advisory
http://secunia.com/advisories/27403	Third Party Advisory
http://secunia.com/advisories/27414	Third Party Advisory
http://secunia.com/advisories/27425	Third Party Advisory
http://secunia.com/advisories/27480	Third Party Advisory
http://secunia.com/advisories/27665	Third Party Advisory
http://secunia.com/advisories/27680	Third Party Advisory
http://secunia.com/advisories/27704	Third Party Advisory
http://secunia.com/advisories/28179	Third Party Advisory
http://secunia.com/advisories/28363	Third Party Advisory
http://secunia.com/advisories/28398	Third Party Advisory
http://secunia.com/advisories/28636	Third Party Advisory
http://securitytracker.com/id?1018834	Vdb Entry
http://securitytracker.com/id?1018835	Vdb Entry
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html	X_refsource_confirm
http://www.kb.cert.org/vuls/id/755513	Third Party Advisory
http://www.securityfocus.com/archive/1/482876/100/200/threaded	Mailing List
http://www.securityfocus.com/archive/1/482925/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/482932/100/200/threaded	Mailing List
http://www.securityfocus.com/bid/26132	Vdb Entry
http://www.vupen.com/english/advisories/2007/3544	Vdb Entry
http://www.vupen.com/english/advisories/2007/3545	Vdb Entry
http://www.vupen.com/english/advisories/2007/3587	Vdb Entry
http://www.vupen.com/english/advisories/2007/4272	Vdb Entry
http://www.vupen.com/english/advisories/2008/0082	Vdb Entry
http://www.vupen.com/english/advisories/2008/0083	Vdb Entry
http://www.vupen.com/english/advisories/2008/0643	Vdb Entry
https://bugzilla.mozilla.org/buglist.cgi?bug_id=372309%2C387955%2C390078%2C393537	X_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/37282	Vdb Entry
https://issues.rpath.com/browse/RPL-1858	X_refsource_confirm
https://issues.rpath.com/browse/RPL-1884	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9622	Signature

URL	Date	SRC

URL	Date	SRC
http://www.mozilla.org/security/announce/2007/mfsa2007-29.html	2023-02-13

URL	Date	SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	2023-02-13
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579	2023-02-13
http://security.gentoo.org/glsa/glsa-200711-24.xml	2023-02-13
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1	2023-02-13
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1	2023-02-13
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1	2023-02-13
http://www.debian.org/security/2007/dsa-1391	2023-02-13
http://www.debian.org/security/2007/dsa-1392	2023-02-13
http://www.debian.org/security/2007/dsa-1396	2023-02-13
http://www.debian.org/security/2007/dsa-1401	2023-02-13
http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml	2023-02-13
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202	2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2007:047	2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2008:047	2023-02-13
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html	2023-02-13
http://www.novell.com/linux/security/advisories/suse_security_summary_report.html	2023-02-13
http://www.redhat.com/support/errata/RHSA-2007-0979.html	2023-02-13
http://www.redhat.com/support/errata/RHSA-2007-0980.html	2023-02-13
http://www.redhat.com/support/errata/RHSA-2007-0981.html	2023-02-13
http://www.ubuntu.com/usn/usn-536-1	2023-02-13
https://usn.ubuntu.com/535-1	2023-02-13
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html	2023-02-13
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html	2023-02-13
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html	2023-02-13
https://access.redhat.com/security/cve/CVE-2007-5340	2007-10-19
https://bugzilla.redhat.com/show_bug.cgi?id=1618329	2007-10-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				<= 2.0.0.7 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.7"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				<= 1.1.4 Search vendor "Mozilla" for product "Seamonkey" and version " <= 1.1.4"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				<= 2.0.0.6 Search vendor "Mozilla" for product "Thunderbird" and version " <= 2.0.0.6"		-		Affected