Launchpad.net

CVE 2007-0776

Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.

Related bugs and status

CVE-2007-0776 (Candidate) is related to these bugs:

Bug #88981: Please update mozilla-thunderbird to 1.5.0.10

		In	Importance	Status
88981	Please update mozilla-thunderbird to 1.5.0.10	mozilla-thunderbird (Ubuntu)	Undecided	Fix Released
88981	Please update mozilla-thunderbird to 1.5.0.10	mozilla-thunderbird (Ubuntu Breezy)	Undecided	Fix Released
88981	Please update mozilla-thunderbird to 1.5.0.10	mozilla-thunderbird (Ubuntu Dapper)	Undecided	Fix Released
88981	Please update mozilla-thunderbird to 1.5.0.10	mozilla-thunderbird (Ubuntu Edgy)	Undecided	Fix Released
88981	Please update mozilla-thunderbird to 1.5.0.10	mozilla-thunderbird (Ubuntu Feisty)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mozilla.org...
MISC: https://bugzilla.mozil...
FEDORA: FEDORA-2007-281
UBUNTU: USN-428-1
BID: 22694
SECTRACK: 1017698
SECUNIA: 24238
SECUNIA: 24252
SECUNIA: 24205
SECUNIA: 24328
CONFIRM: https://issues.rpath.c...
FEDORA: FEDORA-2007-293
GENTOO: GLSA-200703-04
CERT-VN: VU#551436
SECUNIA: 24333
SECUNIA: 24320
SECUNIA: 24293
SECUNIA: 24393
MANDRIVA: MDKSA-2007:052
SUSE: SUSE-SA:2007:019
UBUNTU: USN-431-1
SECUNIA: 24384
SECUNIA: 24389
SECUNIA: 24410
GENTOO: GLSA-200703-08
GENTOO: GLSA-200703-18
SECUNIA: 24437
SECUNIA: 24522
FEDORA: FEDORA-2007-308
FEDORA: FEDORA-2007-309
SUSE: SUSE-SA:2007:022
SECUNIA: 24406
SECUNIA: 24455
SECUNIA: 24456
SECUNIA: 24457
OSVDB: 32113
HP: HPSBUX02153
HP: SSRT061181
VUPEN: ADV-2007-0719
VUPEN: ADV-2007-0718
VUPEN: ADV-2008-0083
SLACKWARE: SSA:2007-066-03
SLACKWARE: SSA:2007-066-04
SLACKWARE: SSA:2007-066-05
XF: firefox-strokewidth-bo...
BUGTRAQ: 20070226 rPSA-2007-004...
BUGTRAQ: 20070303 rPSA-2007-004...