CVE-2013-5607

Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mozillaCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
mozillanetscape_portable_runtime
𝑥
≤ 4.10.1
mozillanetscape_portable_runtime
4.1.1
mozillanetscape_portable_runtime
4.1.2
mozillanetscape_portable_runtime
4.2
mozillanetscape_portable_runtime
4.2.2
mozillanetscape_portable_runtime
4.3
mozillanetscape_portable_runtime
4.4.1
mozillanetscape_portable_runtime
4.5.1
mozillanetscape_portable_runtime
4.6
mozillanetscape_portable_runtime
4.6.1
mozillanetscape_portable_runtime
4.6.2
mozillanetscape_portable_runtime
4.6.3
mozillanetscape_portable_runtime
4.6.4
mozillanetscape_portable_runtime
4.6.5
mozillanetscape_portable_runtime
4.6.6
mozillanetscape_portable_runtime
4.6.7
mozillanetscape_portable_runtime
4.6.8
mozillanetscape_portable_runtime
4.7
mozillanetscape_portable_runtime
4.7.1
mozillanetscape_portable_runtime
4.7.2
mozillanetscape_portable_runtime
4.7.3
mozillanetscape_portable_runtime
4.7.4
mozillanetscape_portable_runtime
4.7.5
mozillanetscape_portable_runtime
4.7.6
mozillanetscape_portable_runtime
4.8
mozillanetscape_portable_runtime
4.8.2
mozillanetscape_portable_runtime
4.8.3
mozillanetscape_portable_runtime
4.8.4
mozillanetscape_portable_runtime
4.8.5
mozillanetscape_portable_runtime
4.8.6
mozillanetscape_portable_runtime
4.8.7
mozillanetscape_portable_runtime
4.8.8
mozillanetscape_portable_runtime
4.8.9
mozillanetscape_portable_runtime
4.9
mozillanetscape_portable_runtime
4.9.1
mozillanetscape_portable_runtime
4.9.2
mozillanetscape_portable_runtime
4.9.3
mozillanetscape_portable_runtime
4.9.4
mozillanetscape_portable_runtime
4.9.5
mozillanetscape_portable_runtime
4.9.6
mozillanetscape_portable_runtime
4.10
mozillaseamonkey
𝑥
≤ 2.22
mozillaseamonkey
2.0
mozillaseamonkey
2.0:alpha_1
mozillaseamonkey
2.0:alpha_2
mozillaseamonkey
2.0:alpha_3
mozillaseamonkey
2.0:beta_1
mozillaseamonkey
2.0:beta_2
mozillaseamonkey
2.0:rc1
mozillaseamonkey
2.0:rc2
mozillaseamonkey
2.0.1
mozillaseamonkey
2.0.2
mozillaseamonkey
2.0.3
mozillaseamonkey
2.0.4
mozillaseamonkey
2.0.5
mozillaseamonkey
2.0.6
mozillaseamonkey
2.0.7
mozillaseamonkey
2.0.8
mozillaseamonkey
2.0.9
mozillaseamonkey
2.0.10
mozillaseamonkey
2.0.11
mozillaseamonkey
2.0.12
mozillaseamonkey
2.0.13
mozillaseamonkey
2.0.14
mozillaseamonkey
2.1
mozillaseamonkey
2.1:alpha1
mozillaseamonkey
2.1:alpha2
mozillaseamonkey
2.1:alpha3
mozillaseamonkey
2.1:beta1
mozillaseamonkey
2.1:beta2
mozillaseamonkey
2.1:beta3
mozillaseamonkey
2.1:rc1
mozillaseamonkey
2.1:rc2
mozillaseamonkey
2.10
mozillaseamonkey
2.10:beta1
mozillaseamonkey
2.10:beta2
mozillaseamonkey
2.10:beta3
mozillaseamonkey
2.10.1
mozillaseamonkey
2.11
mozillaseamonkey
2.11:beta1
mozillaseamonkey
2.11:beta2
mozillaseamonkey
2.11:beta3
mozillaseamonkey
2.11:beta4
mozillaseamonkey
2.11:beta5
mozillaseamonkey
2.11:beta6
mozillaseamonkey
2.12
mozillaseamonkey
2.12:beta1
mozillaseamonkey
2.12:beta2
mozillaseamonkey
2.12:beta3
mozillaseamonkey
2.12:beta4
mozillaseamonkey
2.12:beta5
mozillaseamonkey
2.12:beta6
mozillaseamonkey
2.12.1
mozillaseamonkey
2.13
mozillaseamonkey
2.13:beta1
mozillaseamonkey
2.13:beta2
mozillaseamonkey
2.13:beta3
mozillaseamonkey
2.13:beta4
mozillaseamonkey
2.13:beta5
mozillaseamonkey
2.13:beta6
mozillaseamonkey
2.13.1
mozillaseamonkey
2.13.2
mozillaseamonkey
2.14
mozillaseamonkey
2.14:beta1
mozillaseamonkey
2.14:beta2
mozillaseamonkey
2.14:beta3
mozillaseamonkey
2.14:beta4
mozillaseamonkey
2.14:beta5
mozillaseamonkey
2.15
mozillaseamonkey
2.15:beta1
mozillaseamonkey
2.15:beta2
mozillaseamonkey
2.15:beta3
mozillaseamonkey
2.15:beta4
mozillaseamonkey
2.15:beta5
mozillaseamonkey
2.15:beta6
mozillaseamonkey
2.15.1
mozillaseamonkey
2.15.2
mozillaseamonkey
2.16
mozillaseamonkey
2.16:beta1
mozillaseamonkey
2.16:beta2
mozillaseamonkey
2.16:beta3
mozillaseamonkey
2.16:beta4
mozillaseamonkey
2.16:beta5
mozillaseamonkey
2.16.1
mozillaseamonkey
2.16.2
mozillaseamonkey
2.17
mozillaseamonkey
2.17:beta1
mozillaseamonkey
2.17:beta2
mozillaseamonkey
2.17:beta3
mozillaseamonkey
2.17:beta4
mozillaseamonkey
2.17.1
mozillaseamonkey
2.18:beta1
mozillaseamonkey
2.18:beta2
mozillaseamonkey
2.18:beta3
mozillaseamonkey
2.18:beta4
mozillaseamonkey
2.19
mozillaseamonkey
2.19:beta1
mozillaseamonkey
2.19:beta2
mozillaseamonkey
2.20
mozillaseamonkey
2.20:beta1
mozillaseamonkey
2.20:beta2
mozillaseamonkey
2.20:beta3
mozillaseamonkey
2.21
mozillaseamonkey
2.21:beta1
mozillaseamonkey
2.21:beta2
mozillaseamonkey
2.22:beta1
mozillaseamonkey
2.22:beta2
mozillafirefox
17.0
mozillafirefox
17.0.1
mozillafirefox
17.0.2
mozillafirefox
17.0.3
mozillafirefox
17.0.4
mozillafirefox
17.0.5
mozillafirefox
17.0.6
mozillafirefox
17.0.7
mozillafirefox
17.0.8
mozillafirefox
17.0.9
mozillafirefox
17.0.10
mozillafirefox
24.0
mozillafirefox_esr
24.0.1
mozillafirefox_esr
24.0.2
mozillafirefox
𝑥
≤ 25.0
mozillafirefox
19.0
mozillafirefox
19.0.1
mozillafirefox
19.0.2
mozillafirefox
20.0
mozillafirefox
20.0.1
mozillafirefox
21.0
mozillafirefox
22.0
mozillafirefox
23.0
mozillafirefox
23.0.1
mozillafirefox
24.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nspr
bullseye
2:4.29-1
fixed
bookworm
2:4.35-1
fixed
sid
2:4.35-1.1
fixed
trixie
2:4.35-1.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
saucy
Fixed 25.0.1+build1-0ubuntu0.13.10.1
released
raring
Fixed 25.0.1+build1-0ubuntu0.13.04.1
released
quantal
Fixed 25.0.1+build1-0ubuntu0.12.10.1
released
precise
Fixed 25.0.1+build1-0ubuntu0.12.04.1
released
lucid
ignored
nspr
saucy
Fixed 2:4.9.5-1ubuntu1.1
released
raring
ignored
quantal
Fixed 4.9.5-0ubuntu0.12.10.2
released
precise
Fixed 4.9.5-0ubuntu0.12.04.2
released
lucid
Fixed 4.9.5-0ubuntu0.10.04.2
released
thunderbird
saucy
Fixed 1:24.1.1+build1-0ubuntu0.13.10.1
released
raring
Fixed 1:24.1.1+build1-0ubuntu0.13.04.1
released
quantal
Fixed 1:24.1.1+build1-0ubuntu0.12.10.1
released
precise
Fixed 1:24.1.1+build1-0ubuntu0.12.04.1
released
lucid
ignored
Common Weakness Enumeration
References
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html
http://rhn.redhat.com/errata/RHSA-2013-1791.html
http://rhn.redhat.com/errata/RHSA-2013-1829.html
http://security.gentoo.org/glsa/glsa-201406-19.xml
http://www.debian.org/security/2013/dsa-2820
http://www.mozilla.org/security/announce/2013/mfsa2013-103.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/63802
http://www.ubuntu.com/usn/USN-2031-1
http://www.ubuntu.com/usn/USN-2032-1
http://www.ubuntu.com/usn/USN-2087-1
https://bugzilla.mozilla.org/show_bug.cgi?id=927687
https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/_8AcygMEjSA/mm_cqQzLPFQJ
https://security.gentoo.org/glsa/201504-01
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html
http://rhn.redhat.com/errata/RHSA-2013-1791.html
http://rhn.redhat.com/errata/RHSA-2013-1829.html
http://security.gentoo.org/glsa/glsa-201406-19.xml
http://www.debian.org/security/2013/dsa-2820
http://www.mozilla.org/security/announce/2013/mfsa2013-103.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/63802
http://www.ubuntu.com/usn/USN-2031-1
http://www.ubuntu.com/usn/USN-2032-1
http://www.ubuntu.com/usn/USN-2087-1
https://bugzilla.mozilla.org/show_bug.cgi?id=927687
https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/_8AcygMEjSA/mm_cqQzLPFQJ
https://security.gentoo.org/glsa/201504-01