NVD脆弱性詳細

CVE-2007-2867

概要	Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues.
公表日	2007年6月1日9:30
登録日	2021年1月29日14:13
最終更新日	2018年10月17日1:45

CVSS2.0 : HIGH
スコア	9.3
ベクター	AV:N/AC:M/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	はい

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:mozilla:firefox:1.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.8:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.9:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.10:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.11:::::::*
cpe:2.3:a:mozilla:firefox:1.5.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5.2:::::::*
cpe:2.3:a:mozilla:firefox:1.5.3:::::::*
cpe:2.3:a:mozilla:firefox:1.5.4:::::::*
cpe:2.3:a:mozilla:firefox:1.5.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.6:::::::*
cpe:2.3:a:mozilla:firefox:1.5.7:::::::*
cpe:2.3:a:mozilla:firefox:1.5.8:::::::*
cpe:2.3:a:mozilla:firefox:2.0:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.1:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.2:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.9:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.6:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.7:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.8:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.9:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.10:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.11:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.1:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.2:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.0:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.3:::::::*

関連情報、対策とツール

No	URL	refsource	タグ
1	http://fedoranews.org/cms/node/2747	FEDORA
2	http://fedoranews.org/cms/node/2749	FEDORA
3	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	HP
4	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579	HP
5	http://osvdb.org/35134	OSVDB
6	http://secunia.com/advisories/24406	SECUNIA
7	http://secunia.com/advisories/24456	SECUNIA
8	http://secunia.com/advisories/25469	SECUNIA
9	http://secunia.com/advisories/25476	SECUNIA
10	http://secunia.com/advisories/25488	SECUNIA
11	http://secunia.com/advisories/25489	SECUNIA
12	http://secunia.com/advisories/25490	SECUNIA
13	http://secunia.com/advisories/25491	SECUNIA
14	http://secunia.com/advisories/25492	SECUNIA
15	http://secunia.com/advisories/25496	SECUNIA
16	http://secunia.com/advisories/25533	SECUNIA
17	http://secunia.com/advisories/25534	SECUNIA
18	http://secunia.com/advisories/25559	SECUNIA
19	http://secunia.com/advisories/25635	SECUNIA
20	http://secunia.com/advisories/25644	SECUNIA
21	http://secunia.com/advisories/25647	SECUNIA
22	http://secunia.com/advisories/25664	SECUNIA
23	http://secunia.com/advisories/25685	SECUNIA
24	http://secunia.com/advisories/25750	SECUNIA
25	http://secunia.com/advisories/25858	SECUNIA
26	http://secunia.com/advisories/27423	SECUNIA
27	http://secunia.com/advisories/28363	SECUNIA
28	http://security.gentoo.org/glsa/glsa-200706-06.xml	GENTOO
29	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947	SLACKWARE
30	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857	SLACKWARE
31	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103136-1	SUNALERT
32	http://sunsolve.sun.com/search/document.do?assetkey=1-66-201532-1	SUNALERT
33	http://www.debian.org/security/2007/dsa-1300	DEBIAN
34	http://www.debian.org/security/2007/dsa-1305	DEBIAN
35	http://www.debian.org/security/2007/dsa-1306	DEBIAN
36	http://www.debian.org/security/2007/dsa-1308	DEBIAN
37	http://www.kb.cert.org/vuls/id/751636	CERT-VN	US Government Resource
38	http://www.mandriva.com/security/advisories?name=MDKSA-2007:119	MANDRIVA
39	http://www.mandriva.com/security/advisories?name=MDKSA-2007:120	MANDRIVA
40	http://www.mandriva.com/security/advisories?name=MDKSA-2007:126	MANDRIVA
41	http://www.mandriva.com/security/advisories?name=MDKSA-2007:131	MANDRIVA
42	http://www.mozilla.org/security/announce/2007/mfsa2007-12.html	CONFIRM	Patch
43	http://www.novell.com/linux/security/advisories/2007_36_mozilla.html	SUSE
44	http://www.redhat.com/support/errata/RHSA-2007-0400.html	REDHAT
45	http://www.redhat.com/support/errata/RHSA-2007-0401.html	REDHAT
46	http://www.redhat.com/support/errata/RHSA-2007-0402.html	REDHAT
47	http://www.securityfocus.com/archive/1/470172/100/200/threaded	BUGTRAQ
48	http://www.securityfocus.com/archive/1/471842/100/0/threaded	BUGTRAQ
49	http://www.securityfocus.com/bid/24242	BID
50	http://www.securitytracker.com/id?1018151	SECTRACK
51	http://www.securitytracker.com/id?1018153	SECTRACK
52	http://www.ubuntu.com/usn/usn-468-1	UBUNTU
53	http://www.ubuntu.com/usn/usn-469-1	UBUNTU
54	http://www.us-cert.gov/cas/techalerts/TA07-151A.html	CERT	US Government Resource
55	http://www.vupen.com/english/advisories/2007/1994	VUPEN
56	http://www.vupen.com/english/advisories/2007/3664	VUPEN
57	http://www.vupen.com/english/advisories/2008/0082	VUPEN
58	https://exchange.xforce.ibmcloud.com/vulnerabilities/34604	XF
59	https://issues.rpath.com/browse/RPL-1424	CONFIRM
60	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10066	OVAL

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

構成1	以上	以下	より上	未満
cpe:2.3:a:mozilla:firefox:1.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.8:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.9:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.10:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.11:::::::*
cpe:2.3:a:mozilla:firefox:1.5.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5.2:::::::*
cpe:2.3:a:mozilla:firefox:1.5.3:::::::*
cpe:2.3:a:mozilla:firefox:1.5.4:::::::*
cpe:2.3:a:mozilla:firefox:1.5.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.6:::::::*
cpe:2.3:a:mozilla:firefox:1.5.7:::::::*
cpe:2.3:a:mozilla:firefox:1.5.8:::::::*
cpe:2.3:a:mozilla:firefox:2.0:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.1:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.2:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.9:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.6:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.7:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.8:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.9:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.10:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.11:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.1:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.2:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.0:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.3:::::::*