Vulnerability CVE-2013-5607


Published: 2013-11-20   Modified: 2013-11-21

Description:
Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741.

Type: CWE-189 (Numeric Errors)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Mozilla -> Firefox
Mozilla -> Firefox ESR
Mozilla -> Netscape Portable Runtime
Mozilla -> SeaMonkey

References:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html
http://rhn.redhat.com/errata/RHSA-2013-1791.html
http://rhn.redhat.com/errata/RHSA-2013-1829.html
http://security.gentoo.org/glsa/glsa-201406-19.xml
http://www.debian.org/security/2013/dsa-2820
http://www.mozilla.org/security/announce/2013/mfsa2013-103.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/63802
http://www.ubuntu.com/usn/USN-2031-1
http://www.ubuntu.com/usn/USN-2032-1
http://www.ubuntu.com/usn/USN-2087-1
https://bugzilla.mozilla.org/show_bug.cgi?id=927687
https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/_8AcygMEjSA/mm_cqQzLPFQJ
https://security.gentoo.org/glsa/201504-01

Copyright 2024, cxsecurity.com