Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2013-5607

Published: 20/11/2013 Updated: 09/01/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Mozilla

Vulnerability Summary

Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) prior to 4.10.2, as used in Firefox prior to 25.0.1, Firefox ESR 17.x prior to 17.0.11 and 24.x prior to 24.1.1, and SeaMonkey prior to 2.22.1, allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741.

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla netscape portable runtime 4.9.6

mozilla netscape portable runtime 4.9.5

mozilla netscape portable runtime 4.8.8

mozilla netscape portable runtime 4.8.7

mozilla netscape portable runtime

mozilla netscape portable runtime 4.10

mozilla netscape portable runtime 4.9

mozilla netscape portable runtime 4.8.9

mozilla netscape portable runtime 4.8.2

mozilla netscape portable runtime 4.8

mozilla netscape portable runtime 4.9.2

mozilla netscape portable runtime 4.9.1

mozilla netscape portable runtime 4.8.4

mozilla netscape portable runtime 4.8.3

mozilla netscape portable runtime 4.7.2

mozilla netscape portable runtime 4.7.1

mozilla netscape portable runtime 4.7

mozilla netscape portable runtime 4.6.2

mozilla netscape portable runtime 4.6.1

mozilla netscape portable runtime 4.1.2

mozilla netscape portable runtime 4.1.1

mozilla netscape portable runtime 4.7.6

mozilla netscape portable runtime 4.7.5

mozilla netscape portable runtime 4.6.6

mozilla netscape portable runtime 4.6.5

mozilla netscape portable runtime 4.4.1

mozilla netscape portable runtime 4.3

mozilla netscape portable runtime 4.9.4

mozilla netscape portable runtime 4.9.3

mozilla netscape portable runtime 4.8.6

mozilla netscape portable runtime 4.8.5

mozilla netscape portable runtime 4.7.4

mozilla netscape portable runtime 4.7.3

mozilla netscape portable runtime 4.6.4

mozilla netscape portable runtime 4.6.3

mozilla netscape portable runtime 4.2

mozilla netscape portable runtime 4.2.2

mozilla netscape portable runtime 4.6.8

mozilla netscape portable runtime 4.6.7

mozilla netscape portable runtime 4.6

mozilla netscape portable runtime 4.5.1

mozilla seamonkey 2.14

mozilla seamonkey 2.13

mozilla seamonkey 2.12

mozilla seamonkey 2.11

mozilla seamonkey 2.10

mozilla seamonkey 2.1

mozilla seamonkey 2.0.3

mozilla seamonkey 2.0.2

mozilla seamonkey 2.0

mozilla seamonkey 2.20

mozilla seamonkey 2.18

mozilla seamonkey 2.16.2

mozilla seamonkey 2.16.1

mozilla seamonkey 2.15.2

mozilla seamonkey 2.15.1

mozilla seamonkey 2.15

mozilla seamonkey 2.21

mozilla seamonkey 2.10.1

mozilla seamonkey 2.0.7

mozilla seamonkey 2.0.6

mozilla seamonkey 2.0.12

mozilla seamonkey 2.0.11

mozilla seamonkey 2.19

mozilla seamonkey 2.17

mozilla seamonkey 2.16

mozilla seamonkey

mozilla seamonkey 2.0.9

mozilla seamonkey 2.0.8

mozilla seamonkey 2.0.14

mozilla seamonkey 2.0.13

mozilla seamonkey 2.17.1

mozilla seamonkey 2.22

mozilla seamonkey 2.13.2

mozilla seamonkey 2.13.1

mozilla seamonkey 2.12.1

mozilla seamonkey 2.0.5

mozilla seamonkey 2.0.4

mozilla seamonkey 2.0.10

mozilla seamonkey 2.0.1

mozilla firefox esr 17.0.10

mozilla firefox esr 17.0.6

mozilla firefox esr 17.0.5

mozilla firefox esr 24.0.2

mozilla firefox esr 17.0.9

mozilla firefox esr 17.0.2

mozilla firefox esr 17.0.1

mozilla firefox esr 24.0

mozilla firefox esr 24.0.1

mozilla firefox esr 17.0.4

mozilla firefox esr 17.0.3

mozilla firefox esr 17.0.8

mozilla firefox esr 17.0.7

mozilla firefox esr 17.0

mozilla firefox 24.0

mozilla firefox 22.0

mozilla firefox 21.0

mozilla firefox 19.0.1

mozilla firefox 19.0

mozilla firefox

mozilla firefox 20.0.1

mozilla firefox 20.0

mozilla firefox 19.0.2

mozilla firefox 23.0.1

mozilla firefox 23.0

Vendor Advisories

Red Hat: Important: nss, nspr, and nss-util security update
Synopsis Important: nss, nspr, and nss-util security update Type/Severity Security Advisory: Important Topic Updated nss, nspr, and nss-util packages that fix multiple security issuesare now available for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as havingimportant ...
Red Hat: Important: nss and nspr security, bug fix, and enhancement update
Synopsis Important: nss and nspr security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic Updated nss and nspr packages that fix multiple security issues, severalbugs, and add various enhancements are now available for Red Hat EnterpriseLinux 5The Red Hat Security Response ...
Ubuntu Security Notice: nspr vulnerability
NSPR could be made to crash or run programs if it received a specially crafted certificate ...
Ubuntu Security Notice: thunderbird vulnerabilities
Several security issues were fixed in Thunderbird ...
Ubuntu Security Notice: firefox vulnerabilities
Several security issues were fixed in Firefox ...
Amazon Linux AMI: ALAS-2013-265
A flaw was found in the way NSS handled invalid handshake packets A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application (CVE-2013-5605) It was found that the fix for CVE-2013-1620 introduced a regression causing NSS to read un ...
Amazon Linux AMI: ALAS-2013-266
A flaw was found in the way NSS handled invalid handshake packets A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application (CVE-2013-5605) It was found that the fix for CVE-2013-1620 introduced a regression causing NSS to read un ...
Mozilla: Miscellaneous Network Security Services (NSS) vulnerabilities
Mozilla Foundation Security Advisory 2013-103 Miscellaneous Network Security Services (NSS) vulnerabilities Announced November 15, 2013 Impact Critical Products Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderbird ESR Fixed in ...

References

CWE-189https://bugzilla.mozilla.org/show_bug.cgi?id=927687https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/_8AcygMEjSA/mm_cqQzLPFQJhttp://www.mozilla.org/security/announce/2013/mfsa2013-103.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1791.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.htmlhttp://lists.opensuse.org/opensuse-updates/2013-11/msg00080.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1829.htmlhttp://www.ubuntu.com/usn/USN-2031-1http://www.ubuntu.com/usn/USN-2032-1http://www.ubuntu.com/usn/USN-2087-1http://security.gentoo.org/glsa/glsa-201406-19.xmlhttp://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlhttp://www.securityfocus.com/bid/63802https://security.gentoo.org/glsa/201504-01http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761http://www.debian.org/security/2013/dsa-2820https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2013:1829https://usn.ubuntu.com/2087-1/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975CVE-2024-2961CVE-2024-20380XML injectionHTML injectionCVE-2024-29204CVE-2023-51795memory leakCVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook