Published: 03/04/2013 Updated: 21/12/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox prior to 20.0, Firefox ESR 17.x prior to 17.0.5, Thunderbird prior to 17.0.5, Thunderbird ESR 17.x prior to 17.0.5, SeaMonkey prior to 2.17, and other products, allows remote malicious users to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla thunderbird
mozilla seamonkey
mozilla thunderbird esr
mozilla firefox esr
mozilla firefox
mozilla network security services
canonical ubuntu linux 11.10
canonical ubuntu linux 12.10
canonical ubuntu linux 10.04
canonical ubuntu linux 12.04
oracle vm server 3.2
redhat enterprise linux server 5.0
redhat enterprise linux workstation 5.0
redhat enterprise linux desktop 6.0
redhat enterprise linux server 6.0
redhat enterprise linux workstation 6.0
redhat enterprise linux desktop 5.0
redhat enterprise linux server aus 5.9
redhat enterprise linux eus 5.9

Synopsis Moderate: rhev-hypervisor6 security and bug fix update Type/Severity Security Advisory: Moderate Topic An updated rhev-hypervisor6 package that fixes three security issues andvarious bugs is now availableThe Red Hat Security Response Team has rated this update as having moderatesecurity impact Co ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Several security issues were fixed in Thunderbird ...

This update provides a compatible version of Unity Firefox Extension for Firefox 20 ...

Mozilla Foundation Security Advisory 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage Announced April 2, 2013 Reporter Ambroz Bizjak Impact Moderate Products Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderbir ...

It was discovered that NSS leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle (CVE-2013-1620) An out-of-bounds memory read f ...

The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 200, Firefox ESR 17x before 1705, Thunderbird before 1705, Thunderbird ESR 17x before 1705, SeaMonkey before 217, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corrupti ...

CWE-119 https://bugzilla.mozilla.org/show_bug.cgi?id=629816 http://www.mozilla.org/security/announce/2013/mfsa2013-40.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html http://www.ubuntu.com/usn/USN-1791-1 http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html http://rhn.redhat.com/errata/RHSA-2013-1135.html http://rhn.redhat.com/errata/RHSA-2013-1144.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/58826 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17150 https://access.redhat.com/errata/RHSA-2013:1181 https://nvd.nist.gov https://usn.ubuntu.com/1786-1/https://access.redhat.com/security/cve/cve-2013-0791

CVE-2013-0791

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect