[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-5607Date: (C)2013-11-28   (M)2024-03-27


Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-63802
DSA-2820
GLSA-201406-19
GLSA-201504-01
IAVM:2013-A-0220
RHSA-2013:1791
RHSA-2013:1829
SUSE-SU-2013:1807
USN-2031-1
USN-2032-1
USN-2087-1
https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/_8AcygMEjSA/mm_cqQzLPFQJ
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://www.mozilla.org/security/announce/2013/mfsa2013-103.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://bugzilla.mozilla.org/show_bug.cgi?id=927687
openSUSE-SU-2013:1732

CPE    170
cpe:/a:mozilla:firefox_esr:17.0.10
cpe:/a:mozilla:seamonkey:2.21:beta1
cpe:/a:mozilla:seamonkey:2.21:beta2
cpe:/a:mozilla:firefox:20.0.1
...
CWE    1
CWE-189
OVAL    23
oval:org.secpod.oval:def:106166
oval:org.secpod.oval:def:106153
oval:org.secpod.oval:def:601170
oval:org.secpod.oval:def:701551
...

© SecPod Technologies