CVE-2007-1794

2007-04-0222:19:00

mitre

web.nvd.nist.gov

cve-2007-1794

mozilla

javascript engine

sun solaris

remote code execution

garbage collection

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.752

Percentile

98.2%

JSON

The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805.

Affected configurations

Nvd

Node

sunsolarisMatch10.0hw2

sunsunosMatch5.8

sunsunosMatch5.9

AND

mozillamozillaRange≤1.7

VendorProductVersionCPE
sunsolaris10.0cpe:2.3:o:sun:solaris:10.0:hw2:*:*:*:*:*:*
sunsunos5.8cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
sunsunos5.9cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*
mozillamozilla*cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sun	solaris	10.0	cpe:2.3:o:sun:solaris:10.0:hw2::::::
sun	sunos	5.8	cpe:2.3:o:sun:sunos:5.8:::::::*
sun	sunos	5.9	cpe:2.3:o:sun:sunos:5.9:::::::*
mozilla	mozilla	*	cpe:2.3:a:mozilla:mozilla::::::::