Published: 07/08/2013 Updated: 19/09/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox prior to 23.0 and SeaMonkey prior to 2.20 allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla seamonkey 2.18
mozilla seamonkey
mozilla seamonkey 2.0
mozilla seamonkey 2.0.2
mozilla seamonkey 2.0.3
mozilla seamonkey 2.1
mozilla seamonkey 2.10
mozilla seamonkey 2.11
mozilla seamonkey 2.12
mozilla seamonkey 2.13
mozilla seamonkey 2.14
mozilla seamonkey 2.15
mozilla seamonkey 2.15.1
mozilla seamonkey 2.15.2
mozilla seamonkey 2.16.1
mozilla seamonkey 2.16.2
mozilla seamonkey 2.2
mozilla seamonkey 2.3.3
mozilla seamonkey 2.4
mozilla seamonkey 2.5
mozilla seamonkey 2.6.1
mozilla seamonkey 2.7
mozilla seamonkey 2.8
mozilla seamonkey 2.9
mozilla seamonkey 2.19
mozilla seamonkey 2.0.11
mozilla seamonkey 2.0.12
mozilla seamonkey 2.0.6
mozilla seamonkey 2.0.7
mozilla seamonkey 2.10.1
mozilla seamonkey 2.16
mozilla seamonkey 2.17
mozilla seamonkey 2.3
mozilla seamonkey 2.4.1
mozilla seamonkey 2.6
mozilla seamonkey 2.20
mozilla seamonkey 2.17.1
mozilla seamonkey 2.0.1
mozilla seamonkey 2.0.10
mozilla seamonkey 2.0.4
mozilla seamonkey 2.0.5
mozilla seamonkey 2.12.1
mozilla seamonkey 2.13.1
mozilla seamonkey 2.13.2
mozilla seamonkey 2.9.1
mozilla seamonkey 2.0.13
mozilla seamonkey 2.0.14
mozilla seamonkey 2.0.8
mozilla seamonkey 2.0.9
mozilla seamonkey 2.3.1
mozilla seamonkey 2.3.2
mozilla seamonkey 2.7.1
mozilla seamonkey 2.7.2
mozilla firefox 19.0.1
mozilla firefox 19.0.2
mozilla firefox 20.0
mozilla firefox 20.0.1
mozilla firefox 21.0
mozilla firefox
mozilla firefox 19.0

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

This update provides compatible packages for Firefox 23 ...

Mozilla Foundation Security Advisory 2013-65 Buffer underflow when generating CRMF requests Announced August 6, 2013 Reporter Nils Impact Critical Products Firefox, SeaMonkey Fixed in ...

Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 230 and SeaMonkey before 220 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request ...

CWE-119 http://www.mozilla.org/security/announce/2013/mfsa2013-65.html https://bugzilla.mozilla.org/show_bug.cgi?id=882865 http://lists.opensuse.org/opensuse-updates/2013-09/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18935 https://nvd.nist.gov https://usn.ubuntu.com/1924-1/https://access.redhat.com/security/cve/cve-2013-1705

CVE-2013-1705

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect