{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3135?format=json","vulnerability_id":"VCID-14af-4kn2-zbde","summary":"iDefense \nhas informed Mozilla about two potential buffer overflow\nvulnerabilities found by researcher regenrecht\nin the Network Security Services (NSS) code for processing \nthe SSLv2 protocol.SSL clients such as Firefox and Thunderbird can suffer\na buffer overflow if a malicious server presents a certificate\nwith a public key that is too small to encrypt the entire\n\"Master Secret\". Exploiting this overflow appears to be\nunreliable but possible if the SSLv2 protocol is enabled.Servers that use NSS \nfor the SSLv2 protocol can be exploited by\na client that presents a \"Client Master Key\" with invalid length\nvalues in any of several fields that are used without adequate\nerror checking. This can lead to a buffer overflow that\npresumably could be exploitable.Support for SSLv2 is disabled in Firefox 2 due to other known\nweaknesses in the protocol; Firefox 2 is not vulnerable unless\nthe user has modified hidden internal NSS settings to\nre-enable SSLv2 support.","aliases":[{"alias":"CVE-2007-0009"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/505856?format=json","purl":"pkg:ebuild/dev-libs/nss@3.11.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.11.5"},{"url":"http://public2.vulnerablecode.io/api/packages/194757?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird@1.5.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@1.5.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/194758?format=json","purl":"pkg:ebuild/mail-client/mozilla-thunderbird-bin@1.5.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@1.5.0.10"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/187116?format=json","purl":"pkg:rpm/redhat/devhelp@0.10-0.7?arch=el4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14af-4kn2-zbde"},{"vulnerability":"VCID-1j51-1nhr-53fd"},{"vulnerability":"VCID-94fg-bbsu-nfbk"},{"vulnerability":"VCID-f2kp-75dy-juep"},{"vulnerability":"VCID-ffnp-4cx7-4ucu"},{"vulnerability":"VCID-gpay-hcxj-3uf7"},{"vulnerability":"VCID-hbzv-jkrg-nudr"},{"vulnerability":"VCID-j9da-akma-yfbq"},{"vulnerability":"VCID-k47t-q8b3-7uer"},{"vulnerability":"VCID-ppd4-9vpc-rkg4"},{"vulnerability":"VCID-rxjp-56cu-r7c2"},{"vulnerability":"VCID-t7af-aka8-jyhj"},{"vulnerability":"VCID-vnz7-xw1b-6bdx"},{"vulnerability":"VCID-w2zu-gxse-cff6"},{"vulnerability":"VCID-z446-q57n-rqhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/devhelp@0.10-0.7%3Farch=el4"},{"url":"http://public2.vulnerablecode.io/api/packages/187117?format=json","purl":"pkg:rpm/redhat/devhelp@0.12-10.0.1?arch=el5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14af-4kn2-zbde"},{"vulnerability":"VCID-1j51-1nhr-53fd"},{"vulnerability":"VCID-94fg-bbsu-nfbk"},{"vulnerability":"VCID-f2kp-75dy-juep"},{"vulnerability":"VCID-ffnp-4cx7-4ucu"},{"vulnerability":"VCID-gpay-hcxj-3uf7"},{"vulnerability":"VCID-hbzv-jkrg-nudr"},{"vulnerability":"VCID-k47t-q8b3-7uer"},{"vulnerability":"VCID-ppd4-9vpc-rkg4"},{"vulnerability":"VCID-rxjp-56cu-r7c2"},{"vulnerability":"VCID-t7af-aka8-jyhj"},{"vulnerability":"VCID-w2zu-gxse-cff6"},{"vulnerability":"VCID-z446-q57n-rqhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/devhelp@0.12-10.0.1%3Farch=el5"},{"url":"http://public2.vulnerablecode.io/api/packages/187122?format=json","purl":"pkg:rpm/redhat/firefox@1.5.0.10-0.1?arch=el4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14af-4kn2-zbde"},{"vulnerability":"VCID-1j51-1nhr-53fd"},{"vulnerability":"VCID-94fg-bbsu-nfbk"},{"vulnerability":"VCID-f2kp-75dy-juep"},{"vulnerability":"VCID-ffnp-4cx7-4ucu"},{"vulnerability":"VCID-gpay-hcxj-3uf7"},{"vulnerability":"VCID-hbzv-jkrg-nudr"},{"vulnerability":"VCID-k47t-q8b3-7uer"},{"vulnerability":"VCID-ppd4-9vpc-rkg4"},{"vulnerability":"VCID-rxjp-56cu-r7c2"},{"vulnerability":"VCID-t7af-aka8-jyhj"},{"vulnerability":"VCID-vnz7-xw1b-6bdx"},{"vulnerability":"VCID-w2zu-gxse-cff6"},{"vulnerability":"VCID-z446-q57n-rqhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@1.5.0.10-0.1%3Farch=el4"},{"url":"http://public2.vulnerablecode.io/api/packages/187123?format=json","purl":"pkg:rpm/redhat/firefox@1.5.0.10-2?arch=el5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14af-4kn2-zbde"},{"vulnerability":"VCID-1j51-1nhr-53fd"},{"vulnerability":"VCID-94fg-bbsu-nfbk"},{"vulnerability":"VCID-f2kp-75dy-juep"},{"vulnerability":"VCID-ffnp-4cx7-4ucu"},{"vulnerability":"VCID-gpay-hcxj-3uf7"},{"vulnerability":"VCID-hbzv-jkrg-nudr"},{"vulnerability":"VCID-k47t-q8b3-7uer"},{"vulnerability":"VCID-ppd4-9vpc-rkg4"},{"vulnerability":"VCID-rxjp-56cu-r7c2"},{"vulnerability":"VCID-t7af-aka8-jyhj"},{"vulnerability":"VCID-w2zu-gxse-cff6"},{"vulnerability":"VCID-z446-q57n-rqhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@1.5.0.10-2%3Farch=el5"},{"url":"http://public2.vulnerablecode.io/api/packages/187119?format=json","purl":"pkg:rpm/redhat/seamonkey@1.0.8-0.2?arch=el2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14af-4kn2-zbde"},{"vulnerability":"VCID-1j51-1nhr-53fd"},{"vulnerability":"VCID-94fg-bbsu-nfbk"},{"vulnerability":"VCID-f2kp-75dy-juep"},{"vulnerability":"VCID-ffnp-4cx7-4ucu"},{"vulnerability":"VCID-gpay-hcxj-3uf7"},{"vulnerability":"VCID-hbzv-jkrg-nudr"},{"vulnerability":"VCID-j9da-akma-yfbq"},{"vulnerability":"VCID-k47t-q8b3-7uer"},{"vulnerability":"VCID-ppd4-9vpc-rkg4"},{"vulnerability":"VCID-rxjp-56cu-r7c2"},{"vulnerability":"VCID-t7af-aka8-jyhj"},{"vulnerability":"VCID-vnz7-xw1b-6bdx"},{"vulnerability":"VCID-w2zu-gxse-cff6"},{"vulnerability":"VCID-z446-q57n-rqhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/seamonkey@1.0.8-0.2%3Farch=el2"},{"url":"http://public2.vulnerablecode.io/api/packages/187120?format=json","purl":"pkg:rpm/redhat/seamonkey@1.0.8-0.2?arch=el3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14af-4kn2-zbde"},{"vulnerability":"VCID-1j51-1nhr-53fd"},{"vulnerability":"VCID-94fg-bbsu-nfbk"},{"vulnerability":"VCID-f2kp-75dy-juep"},{"vulnerability":"VCID-ffnp-4cx7-4ucu"},{"vulnerability":"VCID-gpay-hcxj-3uf7"},{"vulnerability":"VCID-hbzv-jkrg-nudr"},{"vulnerability":"VCID-j9da-akma-yfbq"},{"vulnerability":"VCID-k47t-q8b3-7uer"},{"vulnerability":"VCID-ppd4-9vpc-rkg4"},{"vulnerability":"VCID-rxjp-56cu-r7c2"},{"vulnerability":"VCID-t7af-aka8-jyhj"},{"vulnerability":"VCID-vnz7-xw1b-6bdx"},{"vulnerability":"VCID-w2zu-gxse-cff6"},{"vulnerability":"VCID-z446-q57n-rqhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/seamonkey@1.0.8-0.2%3Farch=el3"},{"url":"http://public2.vulnerablecode.io/api/packages/187121?format=json","purl":"pkg:rpm/redhat/seamonkey@1.0.8-0.2?arch=el4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14af-4kn2-zbde"},{"vulnerability":"VCID-1j51-1nhr-53fd"},{"vulnerability":"VCID-94fg-bbsu-nfbk"},{"vulnerability":"VCID-f2kp-75dy-juep"},{"vulnerability":"VCID-ffnp-4cx7-4ucu"},{"vulnerability":"VCID-gpay-hcxj-3uf7"},{"vulnerability":"VCID-hbzv-jkrg-nudr"},{"vulnerability":"VCID-j9da-akma-yfbq"},{"vulnerability":"VCID-k47t-q8b3-7uer"},{"vulnerability":"VCID-ppd4-9vpc-rkg4"},{"vulnerability":"VCID-rxjp-56cu-r7c2"},{"vulnerability":"VCID-t7af-aka8-jyhj"},{"vulnerability":"VCID-vnz7-xw1b-6bdx"},{"vulnerability":"VCID-w2zu-gxse-cff6"},{"vulnerability":"VCID-z446-q57n-rqhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/seamonkey@1.0.8-0.2%3Farch=el4"},{"url":"http://public2.vulnerablecode.io/api/packages/187125?format=json","purl":"pkg:rpm/redhat/thunderbird@1.5.0.10-0.1?arch=el4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14af-4kn2-zbde"},{"vulnerability":"VCID-1j51-1nhr-53fd"},{"vulnerability":"VCID-94fg-bbsu-nfbk"},{"vulnerability":"VCID-f2kp-75dy-juep"},{"vulnerability":"VCID-ffnp-4cx7-4ucu"},{"vulnerability":"VCID-gpay-hcxj-3uf7"},{"vulnerability":"VCID-j9da-akma-yfbq"},{"vulnerability":"VCID-k47t-q8b3-7uer"},{"vulnerability":"VCID-ppd4-9vpc-rkg4"},{"vulnerability":"VCID-rxjp-56cu-r7c2"},{"vulnerability":"VCID-t7af-aka8-jyhj"},{"vulnerability":"VCID-vnz7-xw1b-6bdx"},{"vulnerability":"VCID-w2zu-gxse-cff6"},{"vulnerability":"VCID-z446-q57n-rqhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@1.5.0.10-0.1%3Farch=el4"},{"url":"http://public2.vulnerablecode.io/api/packages/187124?format=json","purl":"pkg:rpm/redhat/thunderbird@1.5.0.10-1?arch=el5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14af-4kn2-zbde"},{"vulnerability":"VCID-1j51-1nhr-53fd"},{"vulnerability":"VCID-94fg-bbsu-nfbk"},{"vulnerability":"VCID-f2kp-75dy-juep"},{"vulnerability":"VCID-ffnp-4cx7-4ucu"},{"vulnerability":"VCID-gpay-hcxj-3uf7"},{"vulnerability":"VCID-j9da-akma-yfbq"},{"vulnerability":"VCID-k47t-q8b3-7uer"},{"vulnerability":"VCID-ppd4-9vpc-rkg4"},{"vulnerability":"VCID-rxjp-56cu-r7c2"},{"vulnerability":"VCID-t7af-aka8-jyhj"},{"vulnerability":"VCID-w2zu-gxse-cff6"},{"vulnerability":"VCID-z446-q57n-rqhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@1.5.0.10-1%3Farch=el5"},{"url":"http://public2.vulnerablecode.io/api/packages/187118?format=json","purl":"pkg:rpm/redhat/yelp@2.16.0-14.0.1?arch=el5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14af-4kn2-zbde"},{"vulnerability":"VCID-1j51-1nhr-53fd"},{"vulnerability":"VCID-94fg-bbsu-nfbk"},{"vulnerability":"VCID-f2kp-75dy-juep"},{"vulnerability":"VCID-ffnp-4cx7-4ucu"},{"vulnerability":"VCID-gpay-hcxj-3uf7"},{"vulnerability":"VCID-hbzv-jkrg-nudr"},{"vulnerability":"VCID-k47t-q8b3-7uer"},{"vulnerability":"VCID-ppd4-9vpc-rkg4"},{"vulnerability":"VCID-rxjp-56cu-r7c2"},{"vulnerability":"VCID-t7af-aka8-jyhj"},{"vulnerability":"VCID-w2zu-gxse-cff6"},{"vulnerability":"VCID-z446-q57n-rqhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/yelp@2.16.0-14.0.1%3Farch=el5"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0009.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0009.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0009","reference_id":"","reference_type":"","scores":[{"value":"0.49542","scoring_system":"epss","scoring_elements":"0.97852","published_at":"2026-06-04T12:55:00Z"},{"value":"0.49542","scoring_system":"epss","scoring_elements":"0.97856","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0009"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=565576","reference_id":"565576","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=565576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0009","reference_id":"CVE-2007-0009","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0009"},{"reference_url":"https://security.gentoo.org/glsa/200703-18","reference_id":"GLSA-200703-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200703-18"},{"reference_url":"https://security.gentoo.org/glsa/200703-22","reference_id":"GLSA-200703-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200703-22"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2007-06","reference_id":"mfsa2007-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2007-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0077","reference_id":"RHSA-2007:0077","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0077"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0078","reference_id":"RHSA-2007:0078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0079","reference_id":"RHSA-2007:0079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0097","reference_id":"RHSA-2007:0097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0108","reference_id":"RHSA-2007:0108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0108"},{"reference_url":"https://usn.ubuntu.com/428-1/","reference_id":"USN-428-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/428-1/"},{"reference_url":"https://usn.ubuntu.com/431-1/","reference_id":"USN-431-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/431-1/"}],"weaknesses":[],"exploits":[],"severity_range_score":"9.0 - 10.0","exploitability":"0.5","weighted_severity":"9.0","risk_score":4.5,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-14af-4kn2-zbde"}