Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for netscape_portable_runtime by mozilla

CVE-2013-5607 (GCVE-0-2013-5607)

Vulnerability from nvd

Published

2013-11-20 11:00

Modified

2024-08-06 17:15

Severity ?

CWE

Summary

Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741.

References

URL

Tags

	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	x_refsource_CONFIRM
	http://www.debian.org/security/2013/dsa-2820	vendor-advisory, x_refsource_DEBIAN
	https://security.gentoo.org/glsa/201504-01	vendor-advisory, x_refsource_GENTOO
	http://www.ubuntu.com/usn/USN-2087-1	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.mozilla.org/show_bug.cgi?id=927687	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-201406-19.xml	vendor-advisory, x_refsource_GENTOO
	http://www.ubuntu.com/usn/USN-2031-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2032-1	vendor-advisory, x_refsource_UBUNTU
	http://rhn.redhat.com/errata/RHSA-2013-1791.html	vendor-advisory, x_refsource_REDHAT
	https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/_8AcygMEjSA/mm_cqQzLPFQJ	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html	vendor-advisory, x_refsource_SUSE
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761	x_refsource_CONFIRM
	http://www.mozilla.org/security/announce/2013/mfsa2013-103.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/63802	vdb-entry, x_refsource_BID
	http://rhn.redhat.com/errata/RHSA-2013-1829.html	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:21.405Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "DSA-2820",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2820"
          },
          {
            "name": "GLSA-201504-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201504-01"
          },
          {
            "name": "USN-2087-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2087-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=927687"
          },
          {
            "name": "GLSA-201406-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
          },
          {
            "name": "USN-2031-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2031-1"
          },
          {
            "name": "USN-2032-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2032-1"
          },
          {
            "name": "RHSA-2013:1791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
          },
          {
            "name": "[dev-tech-nspr] 20131113 [ANNOUNCE] NSPR 4.10.2 Release",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/_8AcygMEjSA/mm_cqQzLPFQJ"
          },
          {
            "name": "SUSE-SU-2013:1807",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html"
          },
          {
            "name": "openSUSE-SU-2013:1732",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html"
          },
          {
            "name": "63802",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/63802"
          },
          {
            "name": "RHSA-2013:1829",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-11-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-08T21:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "DSA-2820",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2820"
        },
        {
          "name": "GLSA-201504-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201504-01"
        },
        {
          "name": "USN-2087-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2087-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=927687"
        },
        {
          "name": "GLSA-201406-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
        },
        {
          "name": "USN-2031-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2031-1"
        },
        {
          "name": "USN-2032-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2032-1"
        },
        {
          "name": "RHSA-2013:1791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
        },
        {
          "name": "[dev-tech-nspr] 20131113 [ANNOUNCE] NSPR 4.10.2 Release",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/_8AcygMEjSA/mm_cqQzLPFQJ"
        },
        {
          "name": "SUSE-SU-2013:1807",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html"
        },
        {
          "name": "openSUSE-SU-2013:1732",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html"
        },
        {
          "name": "63802",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/63802"
        },
        {
          "name": "RHSA-2013:1829",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2013-5607",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "DSA-2820",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2820"
            },
            {
              "name": "GLSA-201504-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201504-01"
            },
            {
              "name": "USN-2087-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2087-1"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=927687",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=927687"
            },
            {
              "name": "GLSA-201406-19",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
            },
            {
              "name": "USN-2031-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2031-1"
            },
            {
              "name": "USN-2032-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2032-1"
            },
            {
              "name": "RHSA-2013:1791",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
            },
            {
              "name": "[dev-tech-nspr] 20131113 [ANNOUNCE] NSPR 4.10.2 Release",
              "refsource": "MLIST",
              "url": "https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/_8AcygMEjSA/mm_cqQzLPFQJ"
            },
            {
              "name": "SUSE-SU-2013:1807",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html"
            },
            {
              "name": "openSUSE-SU-2013:1732",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html"
            },
            {
              "name": "63802",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/63802"
            },
            {
              "name": "RHSA-2013:1829",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2013-5607",
    "datePublished": "2013-11-20T11:00:00",
    "dateReserved": "2013-08-26T00:00:00",
    "dateUpdated": "2024-08-06T17:15:21.405Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}