{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Firefox 1.5.0.9 et versions ant\u00e9rieures ;","product":{"name":"Firefox","vendor":{"name":"Mozilla","scada":false}}},{"description":"Network Security Services 3.11.4 et versions ant\u00e9rieures.","product":{"name":"N/A","vendor":{"name":"Mozilla","scada":false}}},{"description":"Seamonkey 1.0.7 et versions ant\u00e9rieures ;","product":{"name":"N/A","vendor":{"name":"Mozilla","scada":false}}},{"description":"Thunderbird 1.5.0.9 et versions ant\u00e9rieures ;","product":{"name":"Thunderbird","vendor":{"name":"Mozilla","scada":false}}},{"description":"Firefox 2.0.0.1 et versions ant\u00e9rieures ;","product":{"name":"Firefox","vendor":{"name":"Mozilla","scada":false}}}],"affected_systems_content":"","content":"## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits de\nMozilla. L'exploitation de ces vuln\u00e9rabilit\u00e9s peut se faire de\ndiff\u00e9rentes fa\u00e7ons (script hostile, boite de dialogue malform\u00e9e,\ncertificats malform\u00e9s, etc.) et permet \u00e0 des utilisateurs\nmalintentionn\u00e9s de provoquer un d\u00e9ni de service, d'ex\u00e9cuter du code\narbitraire ou d'obtenir des droits \u00e9lev\u00e9s sur la machine victime.\n\n## Solution\n\nLes versions suivantes corrigent les probl\u00e8mes :\n\n-   Firefox 1.5.0.10 ;\n-   Firefox 2.0.0.2 ;\n-   Thunderbird 1.5.0.10 ;\n-   Seamonkey 1.0.8 ;\n-   Network Security Services 3.11.5.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n\n  \n  \n\nLa branche de d\u00e9veloppement 1.5.x de Firefox ne sera plus maintenue\nau-del\u00e0 du 24 avril 2007.\n","cves":[{"name":"CVE-2007-0981","url":"https://www.cve.org/CVERecord?id=CVE-2007-0981"},{"name":"CVE-2007-0779","url":"https://www.cve.org/CVERecord?id=CVE-2007-0779"},{"name":"CVE-2007-0008","url":"https://www.cve.org/CVERecord?id=CVE-2007-0008"},{"name":"CVE-2007-0800","url":"https://www.cve.org/CVERecord?id=CVE-2007-0800"},{"name":"CVE-2007-0009","url":"https://www.cve.org/CVERecord?id=CVE-2007-0009"},{"name":"CVE-2006-6077","url":"https://www.cve.org/CVERecord?id=CVE-2006-6077"},{"name":"CVE-2007-0776","url":"https://www.cve.org/CVERecord?id=CVE-2007-0776"},{"name":"CVE-2007-0780","url":"https://www.cve.org/CVERecord?id=CVE-2007-0780"},{"name":"CVE-2007-0995","url":"https://www.cve.org/CVERecord?id=CVE-2007-0995"},{"name":"CVE-2007-0775","url":"https://www.cve.org/CVERecord?id=CVE-2007-0775"},{"name":"CVE-2007-0777","url":"https://www.cve.org/CVERecord?id=CVE-2007-0777"},{"name":"CVE-2007-0778","url":"https://www.cve.org/CVERecord?id=CVE-2007-0778"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Mozilla MFSA 2007-3 du 23 f\u00e9vrier 2007","url":"http://www.mozilla.org/security/announce/2007/mfsa2007-003.html"},{"title":"Mise \u00e0 jour de s\u00e9curit\u00e9 Gentoo GLSA-200703-08 du 09 mars 2007","url":"http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"},{"title":"Bulletin de s\u00e9curit\u00e9 Mozilla MFSA 2007-1 du 23 f\u00e9vrier 2007","url":"http://www.mozilla.org/security/announce/2007/mfsa2007-001.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Mozilla MFSA 2007-2 du 23 f\u00e9vrier 2007","url":"http://www.mozilla.org/security/announce/2007/mfsa2007-002.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Mozilla MFSA 2007-5 du 23 f\u00e9vrier 2007","url":"http://www.mozilla.org/security/announce/2007/mfsa2007-005.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Mozilla MFSA 2007-6 du 23 f\u00e9vrier 2007","url":"http://www.mozilla.org/security/announce/2007/mfsa2007-006.html"},{"title":"Mise \u00e0 jour de s\u00e9curit\u00e9 Red Hat RHSA-2007:0078 du 02 mars  2007","url":"http://rhn.redhat.com/errata/RHSA-2007-0078.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Mozilla MFSA 2007-7 du 23 f\u00e9vrier 2007","url":"http://www.mozilla.org/security/announce/2007/mfsa2007-007.html"},{"title":"Mise \u00e0 jour de s\u00e9curit\u00e9 Gentoo GLSA-200703-22 du 20 mars 2007","url":"http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml"},{"title":"Mise \u00e0 jour de s\u00e9curit\u00e9 SuSE SUSE-SA:2007:022 du 20 mars 2007","url":"http://lists.suse.com/archive/suse-security-announce/2007-Mar/0006.html"},{"title":"Mise \u00e0 jour de s\u00e9curit\u00e9 Red Hat RHSA-2007:0079 du 23 f\u00e9vrier 2007","url":"http://rhn.redhat.com/errata/RHSA-2007-0079.html"},{"title":"Mise \u00e0 jour de s\u00e9curit\u00e9 Mandriva MDKSA-2007:050 du 28 f\u00e9vrier 2007","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"},{"title":"Mise \u00e0 jour de s\u00e9curit\u00e9 Ubuntu USN-428-1 du 26 f\u00e9vrier 2007","url":"http://www.ubuntu.com/usn/usn-428-1"},{"title":"Mise \u00e0 jour de s\u00e9curit\u00e9 Red Hat RHSA-2007:0077 du 23 f\u00e9vrier 2007","url":"http://rhn.redhat.com/errata/RHSA-2007-0077.html"},{"title":"Mise \u00e0 jour de s\u00e9curit\u00e9 Gentoo GLSA-200703-18 du 16 mars 2007","url":"http://www.gentoo.org/security/en/glsa/glsa-200703-18.xml"},{"title":"Bulletin de s\u00e9curit\u00e9 Mozilla MFSA 2007-8 du 23 f\u00e9vrier 2007","url":"http://www.mozilla.org/security/announce/2007/mfsa2007-008.html"},{"title":"Mise \u00e0 jour de s\u00e9curit\u00e9 Mandriva MDKSA-2007:050-1 du 02 mars 2007","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:050-1"},{"title":"Mise \u00e0 jour de s\u00e9curit\u00e9 Gentoo GLSA-200703-04 du 02 mars 2007","url":"http://www.gentoo.org/security/en/glsa-200703-04.xml"},{"title":"Mise \u00e0 jour de s\u00e9curit\u00e9 Ubuntu USN-428-2 du 02 mars 2007","url":"http://www.ubuntu.com/usn/usn-428-2"},{"title":"Mise \u00e0 jour de s\u00e9curit\u00e9 Ubuntu USN-431-1 du 07 mars 2007","url":"http://www.ubuntu.com/usn/usn-431-1"},{"title":"Bulletin de s\u00e9curit\u00e9 Mozilla MFSA 2007-4 du 23 f\u00e9vrier 2007","url":"http://www.mozilla.org/security/announce/2007/mfsa2007-004.html"},{"title":"Mise \u00e0 jour de s\u00e9curit\u00e9 SuSE SUSE-SA:2007:019 du 06 mars 2007 :","url":"http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"}],"reference":"CERTA-2007-AVI-102","revisions":[{"description":"version initiale.","revision_date":"2007-02-26T00:00:00.000000"},{"description":"ajout de la r\u00e9f\u00e9rence \u00e0 la mise \u00e0 jour de s\u00e9curit\u00e9 Red Hat.","revision_date":"2007-03-05T00:00:00.000000"},{"description":"ajout des r\u00e9f\u00e9rences aux mises \u00e0 jour de s\u00e9curit\u00e9 Ubuntu, Gentoo, SuSE, Mandriva.","revision_date":"2007-03-13T00:00:00.000000"},{"description":"ajout des r\u00e9f\u00e9rences aux mises \u00e0 jour de s\u00e9curit\u00e9 Ubuntu, Gentoo, SuSE, Mandriva, Red Hat.","revision_date":"2007-03-27T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"Plusieurs vuln\u00e9rabilit\u00e9s sur les produits <span\nclass=\"textit\">Mozilla</span> cit\u00e9s ci-dessus permettraient le\ncontournement de la politique de s\u00e9curit\u00e9, l'atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es ou l'ex\u00e9cution de code arbitraire \u00e0\ndistance.\n","title":"Multiples vuln\u00e9rabilit\u00e9s de produits Mozilla","vendor_advisories":[{"published_at":"2007-02-26","title":"Notes de mises \u00e0 jour de Firefox 2.0.0.2","url":"None"},{"published_at":"2007-02-26","title":"Notes de mises \u00e0 jour de Seamonkey 1.0.8","url":"None"},{"published_at":"2007-02-26","title":"Notes de mises \u00e0 jour de Thunderbird 1.5.0.10","url":"None"}]}