CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.6%
The Mozilla JavaScript engine contains multiple memory corruption vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, or create a denial of service condition.
The Mozilla Foundation supports several Open Source projects, including the Mozilla, Seamonkey, and Firefox web browsers. The Thunderbird email client is also a Mozilla product.
Multiple memory corruption vulnerabilities exist in the way Mozilla products process JavaScript. For more information refer to Mozilla Foundation Security Advisory 2007-01.
Note that other Mozilla-based applications may also be affected.
A remote, unauthenticated attacker may be able to execute arbitrary code or create a denial of service condition.
Upgrade
See Mozilla Foundation Security Advisory 2007-01 for information about affected clients.
Disable Javascript
Disabling JavaScript may mitigate this vulnerability. See the Securing Your Web Browser document for more information.
269484
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: February 23, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See <http://www.mozilla.org/security/announce/2007/mfsa2007-01.html> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23269484 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Mozilla for information used in this report. Mozilla thanks Brian Crowder, Igor Bukanov, Johnny Stenback, moz_bug_r_a4 and shutdown.
This document was written by Ryan Giobbi.
CVE IDs: | CVE-2007-0777 |
---|---|
Severity Metric: | 2.65 Date Public: |
secunia.com/advisories/24238/
secunia.com/advisories/24252/
secunia.com/advisories/24287/
secunia.com/advisories/24293/
secunia.com/advisories/24320/
secunia.com/advisories/24327/
secunia.com/advisories/24328/
secunia.com/advisories/24333/
secunia.com/advisories/24343/
secunia.com/advisories/24352/
secunia.com/advisories/24389/
secunia.com/advisories/24393/
secunia.com/advisories/24406/
secunia.com/advisories/24410/
secunia.com/advisories/24432/
secunia.com/advisories/24455/
secunia.com/advisories/24456/
secunia.com/advisories/24457/
www.cert.org/tech_tips/securing_browser/
www.ciac.org/ciac/bulletins/r-164.shtml
www.mozilla.com/en-US/
www.mozilla.com/en-US/thunderbird/
www.mozilla.org/products/mozilla1.x/
www.mozilla.org/security/announce/2007/mfsa2007-01.html
www.mozilla.org/security/announce/2007/mfsa2007-01.html