CVE-2013-0791

2013-04-0311:56:00

CWE-119

[email protected]

web.nvd.nist.gov

mozilla

nss

denial of service

out-of-bounds read

memory corruption

crafted certificate

cve-2013-0791

nvd

5.5 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.069 Low

EPSS

Percentile

93.8%

JSON

The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.

CPENameOperatorVersion
mozilla:thunderbirdmozilla thunderbirdlt17.0.5
mozilla:seamonkeymozilla seamonkeylt2.17
mozilla:thunderbird_esrmozilla thunderbird esrlt17.0.5
mozilla:firefox_esrmozilla firefox esrlt17.0.5
mozilla:firefoxmozilla firefoxle20.0
mozilla:network_security_servicesmozilla network security serviceslt3.15
canonical:ubuntu_linuxcanonical ubuntu linuxeq11.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq10.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04

CPE	Name	Operator	Version
mozilla:thunderbird	mozilla thunderbird	lt	17.0.5
mozilla:seamonkey	mozilla seamonkey	lt	2.17
mozilla:thunderbird_esr	mozilla thunderbird esr	lt	17.0.5
mozilla:firefox_esr	mozilla firefox esr	lt	17.0.5
mozilla:firefox	mozilla firefox	le	20.0
mozilla:network_security_services	mozilla network security services	lt	3.15
canonical:ubuntu_linux	canonical ubuntu linux	eq	11.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	10.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04