Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2007-0009

Publication date 26 February 2007

Last updated 24 July 2024

Ubuntu priority

Unknown

Why this priority?

Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.

Status

Package Ubuntu Release Status
firefox 7.10 gutsy
Not affected
7.04 feisty
Fixed 2.0.0.6+1-0ubuntu1
6.10 edgy
Fixed 2.0.0.6+0dfsg-0ubuntu0.6.10
6.06 LTS dapper
Fixed 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1
iceape 7.10 gutsy
Fixed 1.1.4-1ubuntu2
7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release
lightning-sunbird 7.10 gutsy
Fixed 0.5-0ubuntu4
7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release
midbrowser 7.10 gutsy
Fixed 0.1.6b-0ubuntu2
7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release
mozilla-thunderbird 7.10 gutsy Not in release
7.04 feisty
Fixed 1.5.0.13-0ubuntu0.7.04
6.10 edgy
Fixed 1.5.0.13-0ubuntu0.6.10
6.06 LTS dapper
Fixed 1.5.0.13-0ubuntu0.6.06
xulrunner 7.10 gutsy
Fixed 1.8.0.10-3ubuntu1
7.04 feisty
Fixed 1.8.0.10-3ubuntu1
6.10 edgy Ignored
6.06 LTS dapper Not in release

References

Related Ubuntu Security Notices (USN)

    • USN-428-1
    • Firefox vulnerabilities
    • 1 March 2007
    • USN-431-1
    • Thunderbird vulnerabilities
    • 7 March 2007

Other references