CVE-2007-0776

Common Vulnerabilities and Exposures

Upstream information

CVE-2007-0776 at MITRE

Description

Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.

NVD CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entry: 244923

SUSE Security Advisories:

SUSE-SA:2007:019, published Tue, 06 Mar 2007 18:00:00 +0000
SUSE-SA:2007:022, published Tue, 20 Mar 2007 11:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SUSE LINUX 10.1	`seamonkey >= 1.0.8-0.1` `seamonkey-calendar >= 1.0.8-0.1` `seamonkey-dom-inspector >= 1.0.8-0.1` `seamonkey-irc >= 1.0.8-0.1` `seamonkey-mail >= 1.0.8-0.1` `seamonkey-spellchecker >= 1.0.8-0.1` `seamonkey-venkman >= 1.0.8-0.1`
Novell Linux Desktop 9 for x86 Novell Linux Desktop 9 for x86_64	`MozillaFirefox >= 1.5.0.10-0.2` `MozillaFirefox-translations >= 1.5.0.10-0.2`	Builds YOU Patch Nr: 11446
SUSE LINUX 10.1	`MozillaThunderbird >= 1.5.0.10-1.1` `MozillaThunderbird-translations >= 1.5.0.10-1.1`
SUSE LINUX 10.0 SUSE LINUX 9.3	`MozillaThunderbird >= 1.5.0.10-1.1`
Novell Linux Desktop 9 for x86	`mozilla >= 1.8_seamonkey_1.0.8-0.1` `mozilla-cs >= 1.8_seamonkey_1.0.4-0.4` `mozilla-deat >= 1.8_seamonkey_1.0.4-0.4` `mozilla-devel >= 1.8_seamonkey_1.0.8-0.1` `mozilla-dom-inspector >= 1.8_seamonkey_1.0.8-0.1` `mozilla-hu >= 1.80_seamonkey_1.0.4-2` `mozilla-irc >= 1.8_seamonkey_1.0.8-0.1` `mozilla-mail >= 1.8_seamonkey_1.0.8-0.1` `mozilla-venkman >= 1.8_seamonkey_1.0.8-0.1`	core9.s390 core9.x86 YOU Patch Nr: 11458
Novell Linux Desktop 9 for x86_64	`mozilla >= 1.8_seamonkey_1.0.8-0.1` `mozilla-cs >= 1.8_seamonkey_1.0.4-0.4` `mozilla-deat >= 1.8_seamonkey_1.0.4-0.4` `mozilla-devel >= 1.8_seamonkey_1.0.8-0.1` `mozilla-dom-inspector >= 1.8_seamonkey_1.0.8-0.1` `mozilla-hu >= 1.80_seamonkey_1.0.4-2` `mozilla-irc >= 1.8_seamonkey_1.0.8-0.1` `mozilla-lib64 >= 1.6-0.8` `mozilla-mail >= 1.8_seamonkey_1.0.8-0.1` `mozilla-venkman >= 1.8_seamonkey_1.0.8-0.1`	core9.s390 core9.x86 YOU Patch Nr: 11458
Open Enterprise Server	`mozilla >= 1.8_seamonkey_1.0.8-0.1` `mozilla-calendar >= 1.8_seamonkey_1.0.8-0.1` `mozilla-cs >= 1.8_seamonkey_1.0.4-0.4` `mozilla-deat >= 1.8_seamonkey_1.0.4-0.4` `mozilla-devel >= 1.8_seamonkey_1.0.8-0.1` `mozilla-dom-inspector >= 1.8_seamonkey_1.0.8-0.1` `mozilla-hu >= 1.80_seamonkey_1.0.4-2` `mozilla-irc >= 1.8_seamonkey_1.0.8-0.1` `mozilla-mail >= 1.8_seamonkey_1.0.8-0.1` `mozilla-venkman >= 1.8_seamonkey_1.0.8-0.1`	core9.s390 core9.x86 YOU Patch Nr: 11458
SUSE LINUX 10.0 SUSE LINUX 10.1 SUSE LINUX 9.3	`MozillaFirefox >= 1.5.0.10-0.2` `MozillaFirefox-translations >= 1.5.0.10-0.2`
SUSE LINUX 10.0	`mozilla >= 1.8_seamonkey_1.0.8-0.1` `mozilla-calendar >= 1.8_seamonkey_1.0.8-0.1` `mozilla-devel >= 1.8_seamonkey_1.0.8-0.1` `mozilla-dom-inspector >= 1.8_seamonkey_1.0.8-0.1` `mozilla-irc >= 1.8_seamonkey_1.0.8-0.1` `mozilla-ko >= 1.75-3.2` `mozilla-mail >= 1.8_seamonkey_1.0.8-0.1` `mozilla-spellchecker >= 1.8_seamonkey_1.0.8-0.1` `mozilla-venkman >= 1.8_seamonkey_1.0.8-0.1` `mozilla-zh-CN >= 1.7-6.2` `mozilla-zh-TW >= 1.7-6.2`
SUSE LINUX 9.3	`galeon >= 2.0.0-28.2` `mozilla >= 1.8_seamonkey_1.0.8-0.1` `mozilla-32bit >= 9.3-7.6` `mozilla-calendar >= 1.8_seamonkey_1.0.8-0.1` `mozilla-devel >= 1.8_seamonkey_1.0.8-0.1` `mozilla-dom-inspector >= 1.8_seamonkey_1.0.8-0.1` `mozilla-irc >= 1.8_seamonkey_1.0.8-0.1` `mozilla-ko >= 1.72-4.2` `mozilla-mail >= 1.8_seamonkey_1.0.8-0.1` `mozilla-spellchecker >= 1.8_seamonkey_1.0.8-0.1` `mozilla-venkman >= 1.8_seamonkey_1.0.8-0.1` `mozilla-zh-CN >= 1.7-4.2` `mozilla-zh-TW >= 1.7-4.2`
SUSE LINUX Retail Solution 8 SuSE Linux Enterprise Server 8 for AMD64 SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries SuSE Linux Enterprise Server 8 for IBM zSeries SuSE Linux Enterprise Server 8 for IPF SuSE Linux Openexchange Server 4 SuSE Linux School Server for i386 SuSE Linux Standard Server 8 UnitedLinux 1.0	`mozilla >= 1.8_seamonkey_1.0.8-0.3` `mozilla-calendar >= 1.8_seamonkey_1.0.8-0.3` `mozilla-devel >= 1.8_seamonkey_1.0.8-0.3` `mozilla-dom-inspector >= 1.8_seamonkey_1.0.8-0.3` `mozilla-irc >= 1.8_seamonkey_1.0.8-0.3` `mozilla-mail >= 1.8_seamonkey_1.0.8-0.3` `mozilla-spellchecker >= 1.8_seamonkey_1.0.8-0.3` `mozilla-venkman >= 1.8_seamonkey_1.0.8-0.3` `mozilla-xmlterm >= 1.8_seamonkey_1.0.8-0.3`	slrs8.x86 ul1.s390 YOU Patch Nr: 11459
SUSE Linux Enterprise Desktop 10 SP1 for x86	`MozillaFirefox >= 2.0.0.2-2.13` `MozillaFirefox-translations >= 2.0.0.2-2.13` `dejavu >= 2.9-0.10` `desktop-data-NLD >= 10.1-31.24` `mozilla-nss >= 3.11.4-0.7` `mozilla-nss-devel >= 3.11.4-0.7` `mozilla-nss-tools >= 3.11.4-0.7` `openmotif-libs >= 2.2.4-21.12` `sax2 >= 7.1-125.37` `sax2-gui >= 1.7-125.37` `sax2-ident >= 1.7-125.38` `sax2-libsax >= 7.1-125.37` `sax2-libsax-csharp >= 7.1-121.37` `sax2-libsax-perl >= 7.1-125.37` `sax2-tools >= 2.7-125.37` `tightvnc >= 1.2.9-201.12` `xdg-menu >= 0.2-66.10` `xorg-x11-driver-video >= 6.9.0-46.40` `xorg-x11-driver-video-nvidia >= 6.9.0-46.40` `yast2-control-center >= 2.13.10-0.8` `yast2-qt >= 2.13.82-0.3` `yast2-x11 >= 2.13.13-0.4`	sles10.ia64 sles10.ppc sles10.x86-64 sles10.x86 sles10.s390x ZYPP Patch Nr: 2777
SUSE Linux Enterprise Desktop 10 SP1 for AMD64 and Intel EM64T	`MozillaFirefox >= 2.0.0.2-2.13` `MozillaFirefox-translations >= 2.0.0.2-2.13` `dejavu >= 2.9-0.10` `desktop-data-NLD >= 10.1-31.24` `mozilla-nss >= 3.11.4-0.7` `mozilla-nss-32bit >= 3.11.4-0.7` `mozilla-nss-devel >= 3.11.4-0.7` `mozilla-nss-tools >= 3.11.4-0.7` `openmotif-libs >= 2.2.4-21.12` `openmotif-libs-32bit >= 2.2.4-21.12` `sax2 >= 7.1-125.37` `sax2-gui >= 1.7-125.37` `sax2-ident >= 1.7-125.38` `sax2-libsax >= 7.1-125.37` `sax2-libsax-csharp >= 7.1-121.37` `sax2-libsax-perl >= 7.1-125.37` `sax2-tools >= 2.7-125.37` `tightvnc >= 1.2.9-201.12` `xdg-menu >= 0.2-66.10` `xorg-x11-driver-video >= 6.9.0-46.40` `xorg-x11-driver-video-nvidia >= 6.9.0-46.40` `yast2-control-center >= 2.13.10-0.8` `yast2-qt >= 2.13.82-0.3` `yast2-x11 >= 2.13.13-0.4`	sles10.ia64 sles10.ppc sles10.x86-64 sles10.x86 sles10.s390x ZYPP Patch Nr: 2777
SUSE Linux Enterprise Server 10 SP1 for x86	`MozillaFirefox >= 2.0.0.2-2.13` `MozillaFirefox-translations >= 2.0.0.2-2.13` `dejavu >= 2.9-0.10` `desktop-data-NLD >= 10.1-31.24` `mozilla-nss >= 3.11.4-0.7` `mozilla-nss-devel >= 3.11.4-0.7` `openmotif >= 2.2.4-21.12` `openmotif-demo >= 2.2.4-21.12` `openmotif-devel >= 2.2.4-21.12` `openmotif-libs >= 2.2.4-21.12` `sax2 >= 7.1-125.37` `sax2-gui >= 1.7-125.37` `sax2-ident >= 1.7-125.38` `sax2-libsax >= 7.1-125.37` `sax2-libsax-devel >= 7.1-125.37` `sax2-libsax-java >= 7.1-125.37` `sax2-libsax-perl >= 7.1-125.37` `sax2-libsax-python >= 7.1-125.37` `sax2-tools >= 2.7-125.37` `tightvnc >= 1.2.9-201.12` `xdg-menu >= 0.2-66.10` `xorg-x11-driver-video >= 6.9.0-46.40` `xorg-x11-driver-video-nvidia >= 6.9.0-46.40` `yast2-control-center >= 2.13.10-0.8` `yast2-qt >= 2.13.82-0.3` `yast2-x11 >= 2.13.13-0.4`	sles10.ia64 sles10.ppc sles10.x86-64 sles10.x86 sles10.s390x ZYPP Patch Nr: 2777
SUSE Linux Enterprise Server 10 SP1 for IPF	`MozillaFirefox >= 2.0.0.2-2.13` `MozillaFirefox-translations >= 2.0.0.2-2.13` `dejavu >= 2.9-0.10` `desktop-data-NLD >= 10.1-31.24` `mozilla-nss >= 3.11.4-0.7` `mozilla-nss-devel >= 3.11.4-0.7` `mozilla-nss-x86 >= 3.11.4-0.7` `openmotif >= 2.2.4-21.12` `openmotif-demo >= 2.2.4-21.12` `openmotif-devel >= 2.2.4-21.12` `openmotif-libs >= 2.2.4-21.12` `openmotif-libs-x86 >= 2.2.4-21.12` `sax2 >= 7.1-125.37` `sax2-gui >= 1.7-125.37` `sax2-ident >= 1.7-125.38` `sax2-libsax >= 7.1-125.37` `sax2-libsax-devel >= 7.1-125.37` `sax2-libsax-java >= 7.1-125.37` `sax2-libsax-perl >= 7.1-125.37` `sax2-libsax-python >= 7.1-125.37` `sax2-tools >= 2.7-125.37` `tightvnc >= 1.2.9-201.12` `xdg-menu >= 0.2-66.10` `xorg-x11-driver-video >= 6.9.0-46.40` `xorg-x11-driver-video-nvidia >= 6.9.0-46.40` `yast2-control-center >= 2.13.10-0.8` `yast2-qt >= 2.13.82-0.3` `yast2-x11 >= 2.13.13-0.4`	sles10.ia64 sles10.ppc sles10.x86-64 sles10.x86 sles10.s390x ZYPP Patch Nr: 2777
SUSE Linux Enterprise Server 10 SP1 for IBM POWER	`MozillaFirefox >= 2.0.0.2-2.13` `MozillaFirefox-translations >= 2.0.0.2-2.13` `dejavu >= 2.9-0.10` `desktop-data-NLD >= 10.1-31.24` `mozilla-nss >= 3.11.4-0.7` `mozilla-nss-64bit >= 3.11.4-0.7` `mozilla-nss-devel >= 3.11.4-0.7` `openmotif >= 2.2.4-21.12` `openmotif-demo >= 2.2.4-21.12` `openmotif-devel >= 2.2.4-21.12` `openmotif-devel-64bit >= 2.2.4-21.12` `openmotif-libs >= 2.2.4-21.12` `openmotif-libs-64bit >= 2.2.4-21.12` `sax2 >= 7.1-125.37` `sax2-gui >= 1.7-125.37` `sax2-ident >= 1.7-125.38` `sax2-libsax >= 7.1-125.37` `sax2-libsax-devel >= 7.1-125.37` `sax2-libsax-java >= 7.1-125.37` `sax2-libsax-perl >= 7.1-125.37` `sax2-libsax-python >= 7.1-125.37` `sax2-tools >= 2.7-125.37` `tightvnc >= 1.2.9-201.12` `xdg-menu >= 0.2-66.10` `xorg-x11-driver-video >= 6.9.0-46.40` `xorg-x11-driver-video-nvidia >= 6.9.0-46.40` `yast2-control-center >= 2.13.10-0.8` `yast2-qt >= 2.13.82-0.3` `yast2-x11 >= 2.13.13-0.4`	sles10.ia64 sles10.ppc sles10.x86-64 sles10.x86 sles10.s390x ZYPP Patch Nr: 2777
SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit	`MozillaFirefox >= 2.0.0.2-2.13` `MozillaFirefox-translations >= 2.0.0.2-2.13` `dejavu >= 2.9-0.10` `desktop-data-NLD >= 10.1-31.24` `mozilla-nss >= 3.11.4-0.7` `mozilla-nss-32bit >= 3.11.4-0.7` `mozilla-nss-devel >= 3.11.4-0.7` `openmotif >= 2.2.4-21.12` `openmotif-demo >= 2.2.4-21.12` `openmotif-devel >= 2.2.4-21.12` `openmotif-devel-32bit >= 2.2.4-21.12` `openmotif-libs >= 2.2.4-21.12` `openmotif-libs-32bit >= 2.2.4-21.12` `sax2-tools >= 2.7-125.37` `tightvnc >= 1.2.9-201.12` `xdg-menu >= 0.2-66.10` `yast2-control-center >= 2.13.10-0.8` `yast2-qt >= 2.13.82-0.3`	sles10.ia64 sles10.ppc sles10.x86-64 sles10.x86 sles10.s390x ZYPP Patch Nr: 2777
SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T	`MozillaFirefox >= 2.0.0.2-2.13` `MozillaFirefox-translations >= 2.0.0.2-2.13` `dejavu >= 2.9-0.10` `desktop-data-NLD >= 10.1-31.24` `mozilla-nss >= 3.11.4-0.7` `mozilla-nss-32bit >= 3.11.4-0.7` `mozilla-nss-devel >= 3.11.4-0.7` `openmotif >= 2.2.4-21.12` `openmotif-demo >= 2.2.4-21.12` `openmotif-devel >= 2.2.4-21.12` `openmotif-devel-32bit >= 2.2.4-21.12` `openmotif-libs >= 2.2.4-21.12` `openmotif-libs-32bit >= 2.2.4-21.12` `sax2 >= 7.1-125.37` `sax2-gui >= 1.7-125.37` `sax2-ident >= 1.7-125.38` `sax2-libsax >= 7.1-125.37` `sax2-libsax-devel >= 7.1-125.37` `sax2-libsax-java >= 7.1-125.37` `sax2-libsax-perl >= 7.1-125.37` `sax2-libsax-python >= 7.1-125.37` `sax2-tools >= 2.7-125.37` `tightvnc >= 1.2.9-201.12` `xdg-menu >= 0.2-66.10` `xorg-x11-driver-video >= 6.9.0-46.40` `xorg-x11-driver-video-nvidia >= 6.9.0-46.40` `yast2-control-center >= 2.13.10-0.8` `yast2-qt >= 2.13.82-0.3` `yast2-x11 >= 2.13.13-0.4`	sles10.ia64 sles10.ppc sles10.x86-64 sles10.x86 sles10.s390x ZYPP Patch Nr: 2777

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy