CVE Reference: CVE-2007-0776

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2007-0776

Description:
Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/32698

UBUNTU
  http://www.ubuntu.com/usn/usn-431-1
  http://www.ubuntu.com/usn/usn-428-1

SUSE
  http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
  http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

ST
  1017698

SLACKWARE
  http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
  http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
  http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

SAID
  Secunia Advisory: SA24393
  Secunia Advisory: SA24293
  Secunia Advisory: SA24320
  Secunia Advisory: SA24333
  Secunia Advisory: SA24328
  Secunia Advisory: SA24205
  Secunia Advisory: SA24252
  Secunia Advisory: SA24238
  Secunia Advisory: SA24384
  Secunia Advisory: SA24389
  Secunia Advisory: SA24410
  Secunia Advisory: SA24437
  Secunia Advisory: SA24522
  Secunia Advisory: SA24406
  Secunia Advisory: SA24455
  Secunia Advisory: SA24456
  Secunia Advisory: SA24457

OSVDB
  32113

MISC

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDKSA-2007:052

HP
  http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

GENTOO
  http://security.gentoo.org/glsa/glsa-200703-18.xml
  http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
  http://security.gentoo.org/glsa/glsa-200703-04.xml

FEDORA
  http://fedoranews.org/cms/node/2749
  http://fedoranews.org/cms/node/2728
  http://fedoranews.org/cms/node/2747
  http://fedoranews.org/cms/node/2713

CONFIRM
  http://www.mozilla.org/security/announce/2007/mfsa2007-01.html

CERT-VN
  551436

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/461809/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/461336/100/0/threaded

BID
  22694


Return to the previous page.