CVE-2013-5605 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P
mozilla	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 85%

Vendor	Product	Version
mozilla	network_security_services	3.14
mozilla	network_security_services	3.14.1
mozilla	network_security_services	3.14.2
mozilla	network_security_services	3.14.3
mozilla	network_security_services	3.14.4
mozilla	network_security_services	3.15
mozilla	network_security_services	3.15.1
mozilla	network_security_services	3.15.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

nss

bullseye	2:3.61-1+deb11u3 fixed
bullseye (security)	2:3.61-1+deb11u4 fixed
bookworm	2:3.87.1-1 fixed
sid	2:3.105-2 fixed
trixie	2:3.105-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

firefox

saucy	Fixed 25.0.1+build1-0ubuntu0.13.10.1 released
raring	Fixed 25.0.1+build1-0ubuntu0.13.04.1 released
quantal	Fixed 25.0.1+build1-0ubuntu0.12.10.1 released
precise	Fixed 25.0.1+build1-0ubuntu0.12.04.1 released
lucid	ignored

nss

saucy	Fixed 2:3.15.3-0ubuntu0.13.10.1 released
raring	Fixed 2:3.15.3-0ubuntu0.13.04.1 released
quantal	Fixed 3.15.3-0ubuntu0.12.10.1 released
precise	Fixed 3.15.3-0ubuntu0.12.04.1 released
lucid	Fixed 3.15.3-0ubuntu0.10.04.1 released

thunderbird

saucy	Fixed 1:24.1.1+build1-0ubuntu0.13.10.1 released
raring	Fixed 1:24.1.1+build1-0ubuntu0.13.04.1 released
quantal	Fixed 1:24.1.1+build1-0ubuntu0.12.10.1 released
precise	Fixed 1:24.1.1+build1-0ubuntu0.12.04.1 released
lucid	ignored

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html

http://lists.opensuse.org/opensuse-updates/2013-11/msg00078.html

http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html

http://rhn.redhat.com/errata/RHSA-2013-1791.html

http://rhn.redhat.com/errata/RHSA-2013-1829.html

http://rhn.redhat.com/errata/RHSA-2013-1840.html

http://rhn.redhat.com/errata/RHSA-2013-1841.html

http://rhn.redhat.com/errata/RHSA-2014-0041.html

http://seclists.org/fulldisclosure/2014/Dec/23

http://security.gentoo.org/glsa/glsa-201406-19.xml

http://www.debian.org/security/2013/dsa-2800

http://www.mozilla.org/security/announce/2013/mfsa2013-103.html

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/archive/1/534161/100/0/threaded

http://www.securityfocus.com/bid/63738

http://www.ubuntu.com/usn/USN-2030-1

http://www.ubuntu.com/usn/USN-2031-1

http://www.ubuntu.com/usn/USN-2032-1

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

https://bugzilla.mozilla.org/show_bug.cgi?id=934016

https://developer.mozilla.org/docs/NSS/NSS_3.14.5_release_notes

https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes

https://security.gentoo.org/glsa/201504-01

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html

http://lists.opensuse.org/opensuse-updates/2013-11/msg00078.html

http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html

http://rhn.redhat.com/errata/RHSA-2013-1791.html

http://rhn.redhat.com/errata/RHSA-2013-1829.html

http://rhn.redhat.com/errata/RHSA-2013-1840.html

http://rhn.redhat.com/errata/RHSA-2013-1841.html

http://rhn.redhat.com/errata/RHSA-2014-0041.html

http://seclists.org/fulldisclosure/2014/Dec/23

http://security.gentoo.org/glsa/glsa-201406-19.xml

http://www.debian.org/security/2013/dsa-2800

http://www.mozilla.org/security/announce/2013/mfsa2013-103.html

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/archive/1/534161/100/0/threaded

http://www.securityfocus.com/bid/63738

http://www.ubuntu.com/usn/USN-2030-1

http://www.ubuntu.com/usn/USN-2031-1

http://www.ubuntu.com/usn/USN-2032-1

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

https://bugzilla.mozilla.org/show_bug.cgi?id=934016

https://developer.mozilla.org/docs/NSS/NSS_3.14.5_release_notes

https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes

https://security.gentoo.org/glsa/201504-01