Novell Home

CVE-2007-0776

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2007-0776 at MITRE

Description

Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.

NVD CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entry: 244923

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE LINUX 10.1
  • seamonkey >= 1.0.8-0.1
  • seamonkey-calendar >= 1.0.8-0.1
  • seamonkey-dom-inspector >= 1.0.8-0.1
  • seamonkey-irc >= 1.0.8-0.1
  • seamonkey-mail >= 1.0.8-0.1
  • seamonkey-spellchecker >= 1.0.8-0.1
  • seamonkey-venkman >= 1.0.8-0.1
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
  • MozillaFirefox >= 1.5.0.10-0.2
  • MozillaFirefox-translations >= 1.5.0.10-0.2
Builds
YOU Patch Nr: 11446
SUSE LINUX 10.1
  • MozillaThunderbird >= 1.5.0.10-1.1
  • MozillaThunderbird-translations >= 1.5.0.10-1.1
SUSE LINUX 10.0
SUSE LINUX 9.3
  • MozillaThunderbird >= 1.5.0.10-1.1
Novell Linux Desktop 9 for x86
  • mozilla >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-cs >= 1.8_seamonkey_1.0.4-0.4
  • mozilla-deat >= 1.8_seamonkey_1.0.4-0.4
  • mozilla-devel >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-dom-inspector >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-hu >= 1.80_seamonkey_1.0.4-2
  • mozilla-irc >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-mail >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-venkman >= 1.8_seamonkey_1.0.8-0.1
core9.s390
core9.x86
YOU Patch Nr: 11458
Novell Linux Desktop 9 for x86_64
  • mozilla >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-cs >= 1.8_seamonkey_1.0.4-0.4
  • mozilla-deat >= 1.8_seamonkey_1.0.4-0.4
  • mozilla-devel >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-dom-inspector >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-hu >= 1.80_seamonkey_1.0.4-2
  • mozilla-irc >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-lib64 >= 1.6-0.8
  • mozilla-mail >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-venkman >= 1.8_seamonkey_1.0.8-0.1
core9.s390
core9.x86
YOU Patch Nr: 11458
Open Enterprise Server
  • mozilla >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-calendar >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-cs >= 1.8_seamonkey_1.0.4-0.4
  • mozilla-deat >= 1.8_seamonkey_1.0.4-0.4
  • mozilla-devel >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-dom-inspector >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-hu >= 1.80_seamonkey_1.0.4-2
  • mozilla-irc >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-mail >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-venkman >= 1.8_seamonkey_1.0.8-0.1
core9.s390
core9.x86
YOU Patch Nr: 11458
SUSE LINUX 10.0
SUSE LINUX 10.1
SUSE LINUX 9.3
  • MozillaFirefox >= 1.5.0.10-0.2
  • MozillaFirefox-translations >= 1.5.0.10-0.2
SUSE LINUX 10.0
  • mozilla >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-calendar >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-devel >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-dom-inspector >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-irc >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-ko >= 1.75-3.2
  • mozilla-mail >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-spellchecker >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-venkman >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-zh-CN >= 1.7-6.2
  • mozilla-zh-TW >= 1.7-6.2
SUSE LINUX 9.3
  • galeon >= 2.0.0-28.2
  • mozilla >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-32bit >= 9.3-7.6
  • mozilla-calendar >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-devel >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-dom-inspector >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-irc >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-ko >= 1.72-4.2
  • mozilla-mail >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-spellchecker >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-venkman >= 1.8_seamonkey_1.0.8-0.1
  • mozilla-zh-CN >= 1.7-4.2
  • mozilla-zh-TW >= 1.7-4.2
SUSE LINUX Retail Solution 8
SuSE Linux Enterprise Server 8 for AMD64
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
SuSE Linux Enterprise Server 8 for IBM zSeries
SuSE Linux Enterprise Server 8 for IPF
SuSE Linux Openexchange Server 4
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
UnitedLinux 1.0
  • mozilla >= 1.8_seamonkey_1.0.8-0.3
  • mozilla-calendar >= 1.8_seamonkey_1.0.8-0.3
  • mozilla-devel >= 1.8_seamonkey_1.0.8-0.3
  • mozilla-dom-inspector >= 1.8_seamonkey_1.0.8-0.3
  • mozilla-irc >= 1.8_seamonkey_1.0.8-0.3
  • mozilla-mail >= 1.8_seamonkey_1.0.8-0.3
  • mozilla-spellchecker >= 1.8_seamonkey_1.0.8-0.3
  • mozilla-venkman >= 1.8_seamonkey_1.0.8-0.3
  • mozilla-xmlterm >= 1.8_seamonkey_1.0.8-0.3
slrs8.x86
ul1.s390
YOU Patch Nr: 11459
SUSE Linux Enterprise Desktop 10 SP1 for x86
  • MozillaFirefox >= 2.0.0.2-2.13
  • MozillaFirefox-translations >= 2.0.0.2-2.13
  • dejavu >= 2.9-0.10
  • desktop-data-NLD >= 10.1-31.24
  • mozilla-nss >= 3.11.4-0.7
  • mozilla-nss-devel >= 3.11.4-0.7
  • mozilla-nss-tools >= 3.11.4-0.7
  • openmotif-libs >= 2.2.4-21.12
  • sax2 >= 7.1-125.37
  • sax2-gui >= 1.7-125.37
  • sax2-ident >= 1.7-125.38
  • sax2-libsax >= 7.1-125.37
  • sax2-libsax-csharp >= 7.1-121.37
  • sax2-libsax-perl >= 7.1-125.37
  • sax2-tools >= 2.7-125.37
  • tightvnc >= 1.2.9-201.12
  • xdg-menu >= 0.2-66.10
  • xorg-x11-driver-video >= 6.9.0-46.40
  • xorg-x11-driver-video-nvidia >= 6.9.0-46.40
  • yast2-control-center >= 2.13.10-0.8
  • yast2-qt >= 2.13.82-0.3
  • yast2-x11 >= 2.13.13-0.4
sles10.ia64
sles10.ppc
sles10.x86-64
sles10.x86
sles10.s390x
ZYPP Patch Nr: 2777
SUSE Linux Enterprise Desktop 10 SP1 for AMD64 and Intel EM64T
  • MozillaFirefox >= 2.0.0.2-2.13
  • MozillaFirefox-translations >= 2.0.0.2-2.13
  • dejavu >= 2.9-0.10
  • desktop-data-NLD >= 10.1-31.24
  • mozilla-nss >= 3.11.4-0.7
  • mozilla-nss-32bit >= 3.11.4-0.7
  • mozilla-nss-devel >= 3.11.4-0.7
  • mozilla-nss-tools >= 3.11.4-0.7
  • openmotif-libs >= 2.2.4-21.12
  • openmotif-libs-32bit >= 2.2.4-21.12
  • sax2 >= 7.1-125.37
  • sax2-gui >= 1.7-125.37
  • sax2-ident >= 1.7-125.38
  • sax2-libsax >= 7.1-125.37
  • sax2-libsax-csharp >= 7.1-121.37
  • sax2-libsax-perl >= 7.1-125.37
  • sax2-tools >= 2.7-125.37
  • tightvnc >= 1.2.9-201.12
  • xdg-menu >= 0.2-66.10
  • xorg-x11-driver-video >= 6.9.0-46.40
  • xorg-x11-driver-video-nvidia >= 6.9.0-46.40
  • yast2-control-center >= 2.13.10-0.8
  • yast2-qt >= 2.13.82-0.3
  • yast2-x11 >= 2.13.13-0.4
sles10.ia64
sles10.ppc
sles10.x86-64
sles10.x86
sles10.s390x
ZYPP Patch Nr: 2777
SUSE Linux Enterprise Server 10 SP1 for x86
  • MozillaFirefox >= 2.0.0.2-2.13
  • MozillaFirefox-translations >= 2.0.0.2-2.13
  • dejavu >= 2.9-0.10
  • desktop-data-NLD >= 10.1-31.24
  • mozilla-nss >= 3.11.4-0.7
  • mozilla-nss-devel >= 3.11.4-0.7
  • openmotif >= 2.2.4-21.12
  • openmotif-demo >= 2.2.4-21.12
  • openmotif-devel >= 2.2.4-21.12
  • openmotif-libs >= 2.2.4-21.12
  • sax2 >= 7.1-125.37
  • sax2-gui >= 1.7-125.37
  • sax2-ident >= 1.7-125.38
  • sax2-libsax >= 7.1-125.37
  • sax2-libsax-devel >= 7.1-125.37
  • sax2-libsax-java >= 7.1-125.37
  • sax2-libsax-perl >= 7.1-125.37
  • sax2-libsax-python >= 7.1-125.37
  • sax2-tools >= 2.7-125.37
  • tightvnc >= 1.2.9-201.12
  • xdg-menu >= 0.2-66.10
  • xorg-x11-driver-video >= 6.9.0-46.40
  • xorg-x11-driver-video-nvidia >= 6.9.0-46.40
  • yast2-control-center >= 2.13.10-0.8
  • yast2-qt >= 2.13.82-0.3
  • yast2-x11 >= 2.13.13-0.4
sles10.ia64
sles10.ppc
sles10.x86-64
sles10.x86
sles10.s390x
ZYPP Patch Nr: 2777
SUSE Linux Enterprise Server 10 SP1 for IPF
  • MozillaFirefox >= 2.0.0.2-2.13
  • MozillaFirefox-translations >= 2.0.0.2-2.13
  • dejavu >= 2.9-0.10
  • desktop-data-NLD >= 10.1-31.24
  • mozilla-nss >= 3.11.4-0.7
  • mozilla-nss-devel >= 3.11.4-0.7
  • mozilla-nss-x86 >= 3.11.4-0.7
  • openmotif >= 2.2.4-21.12
  • openmotif-demo >= 2.2.4-21.12
  • openmotif-devel >= 2.2.4-21.12
  • openmotif-libs >= 2.2.4-21.12
  • openmotif-libs-x86 >= 2.2.4-21.12
  • sax2 >= 7.1-125.37
  • sax2-gui >= 1.7-125.37
  • sax2-ident >= 1.7-125.38
  • sax2-libsax >= 7.1-125.37
  • sax2-libsax-devel >= 7.1-125.37
  • sax2-libsax-java >= 7.1-125.37
  • sax2-libsax-perl >= 7.1-125.37
  • sax2-libsax-python >= 7.1-125.37
  • sax2-tools >= 2.7-125.37
  • tightvnc >= 1.2.9-201.12
  • xdg-menu >= 0.2-66.10
  • xorg-x11-driver-video >= 6.9.0-46.40
  • xorg-x11-driver-video-nvidia >= 6.9.0-46.40
  • yast2-control-center >= 2.13.10-0.8
  • yast2-qt >= 2.13.82-0.3
  • yast2-x11 >= 2.13.13-0.4
sles10.ia64
sles10.ppc
sles10.x86-64
sles10.x86
sles10.s390x
ZYPP Patch Nr: 2777
SUSE Linux Enterprise Server 10 SP1 for IBM POWER
  • MozillaFirefox >= 2.0.0.2-2.13
  • MozillaFirefox-translations >= 2.0.0.2-2.13
  • dejavu >= 2.9-0.10
  • desktop-data-NLD >= 10.1-31.24
  • mozilla-nss >= 3.11.4-0.7
  • mozilla-nss-64bit >= 3.11.4-0.7
  • mozilla-nss-devel >= 3.11.4-0.7
  • openmotif >= 2.2.4-21.12
  • openmotif-demo >= 2.2.4-21.12
  • openmotif-devel >= 2.2.4-21.12
  • openmotif-devel-64bit >= 2.2.4-21.12
  • openmotif-libs >= 2.2.4-21.12
  • openmotif-libs-64bit >= 2.2.4-21.12
  • sax2 >= 7.1-125.37
  • sax2-gui >= 1.7-125.37
  • sax2-ident >= 1.7-125.38
  • sax2-libsax >= 7.1-125.37
  • sax2-libsax-devel >= 7.1-125.37
  • sax2-libsax-java >= 7.1-125.37
  • sax2-libsax-perl >= 7.1-125.37
  • sax2-libsax-python >= 7.1-125.37
  • sax2-tools >= 2.7-125.37
  • tightvnc >= 1.2.9-201.12
  • xdg-menu >= 0.2-66.10
  • xorg-x11-driver-video >= 6.9.0-46.40
  • xorg-x11-driver-video-nvidia >= 6.9.0-46.40
  • yast2-control-center >= 2.13.10-0.8
  • yast2-qt >= 2.13.82-0.3
  • yast2-x11 >= 2.13.13-0.4
sles10.ia64
sles10.ppc
sles10.x86-64
sles10.x86
sles10.s390x
ZYPP Patch Nr: 2777
SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit
  • MozillaFirefox >= 2.0.0.2-2.13
  • MozillaFirefox-translations >= 2.0.0.2-2.13
  • dejavu >= 2.9-0.10
  • desktop-data-NLD >= 10.1-31.24
  • mozilla-nss >= 3.11.4-0.7
  • mozilla-nss-32bit >= 3.11.4-0.7
  • mozilla-nss-devel >= 3.11.4-0.7
  • openmotif >= 2.2.4-21.12
  • openmotif-demo >= 2.2.4-21.12
  • openmotif-devel >= 2.2.4-21.12
  • openmotif-devel-32bit >= 2.2.4-21.12
  • openmotif-libs >= 2.2.4-21.12
  • openmotif-libs-32bit >= 2.2.4-21.12
  • sax2-tools >= 2.7-125.37
  • tightvnc >= 1.2.9-201.12
  • xdg-menu >= 0.2-66.10
  • yast2-control-center >= 2.13.10-0.8
  • yast2-qt >= 2.13.82-0.3
sles10.ia64
sles10.ppc
sles10.x86-64
sles10.x86
sles10.s390x
ZYPP Patch Nr: 2777
SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T
  • MozillaFirefox >= 2.0.0.2-2.13
  • MozillaFirefox-translations >= 2.0.0.2-2.13
  • dejavu >= 2.9-0.10
  • desktop-data-NLD >= 10.1-31.24
  • mozilla-nss >= 3.11.4-0.7
  • mozilla-nss-32bit >= 3.11.4-0.7
  • mozilla-nss-devel >= 3.11.4-0.7
  • openmotif >= 2.2.4-21.12
  • openmotif-demo >= 2.2.4-21.12
  • openmotif-devel >= 2.2.4-21.12
  • openmotif-devel-32bit >= 2.2.4-21.12
  • openmotif-libs >= 2.2.4-21.12
  • openmotif-libs-32bit >= 2.2.4-21.12
  • sax2 >= 7.1-125.37
  • sax2-gui >= 1.7-125.37
  • sax2-ident >= 1.7-125.38
  • sax2-libsax >= 7.1-125.37
  • sax2-libsax-devel >= 7.1-125.37
  • sax2-libsax-java >= 7.1-125.37
  • sax2-libsax-perl >= 7.1-125.37
  • sax2-libsax-python >= 7.1-125.37
  • sax2-tools >= 2.7-125.37
  • tightvnc >= 1.2.9-201.12
  • xdg-menu >= 0.2-66.10
  • xorg-x11-driver-video >= 6.9.0-46.40
  • xorg-x11-driver-video-nvidia >= 6.9.0-46.40
  • yast2-control-center >= 2.13.10-0.8
  • yast2-qt >= 2.13.82-0.3
  • yast2-x11 >= 2.13.13-0.4
sles10.ia64
sles10.ppc
sles10.x86-64
sles10.x86
sles10.s390x
ZYPP Patch Nr: 2777

© 2014 Novell