Lucene search
HistoryAug 07, 2013 - 1:55 a.m.
CVE-2013-1705
cve-2013-1705
buffer underflow
cryptojs
mozilla firefox
seamonkey
remote code execution
denial of service
crmf
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.6 High
AI Score
Confidence
Low
0.06 Low
EPSS
Percentile
93.5%
Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request.
Affected configurations
Node
mozillaseamonkeyRange≤2.20beta3
ORmozillaseamonkeyMatch2.0
ORmozillaseamonkeyMatch2.0alpha_1
ORmozillaseamonkeyMatch2.0alpha_2
ORmozillaseamonkeyMatch2.0alpha_3
ORmozillaseamonkeyMatch2.0beta_1
ORmozillaseamonkeyMatch2.0beta_2
ORmozillaseamonkeyMatch2.0rc1
ORmozillaseamonkeyMatch2.0rc2
ORmozillaseamonkeyMatch2.0.1
ORmozillaseamonkeyMatch2.0.2
ORmozillaseamonkeyMatch2.0.3
ORmozillaseamonkeyMatch2.0.4
ORmozillaseamonkeyMatch2.0.5
ORmozillaseamonkeyMatch2.0.6
ORmozillaseamonkeyMatch2.0.7
ORmozillaseamonkeyMatch2.0.8
ORmozillaseamonkeyMatch2.0.9
ORmozillaseamonkeyMatch2.0.10
ORmozillaseamonkeyMatch2.0.11
ORmozillaseamonkeyMatch2.0.12
ORmozillaseamonkeyMatch2.0.13
ORmozillaseamonkeyMatch2.0.14
ORmozillaseamonkeyMatch2.1
ORmozillaseamonkeyMatch2.1alpha1
ORmozillaseamonkeyMatch2.1alpha2
ORmozillaseamonkeyMatch2.1alpha3
ORmozillaseamonkeyMatch2.1beta1
ORmozillaseamonkeyMatch2.1beta2
ORmozillaseamonkeyMatch2.1beta3
ORmozillaseamonkeyMatch2.1rc1
ORmozillaseamonkeyMatch2.1rc2
ORmozillaseamonkeyMatch2.2
ORmozillaseamonkeyMatch2.2beta1
ORmozillaseamonkeyMatch2.2beta2
ORmozillaseamonkeyMatch2.2beta3
ORmozillaseamonkeyMatch2.3
ORmozillaseamonkeyMatch2.3beta1
ORmozillaseamonkeyMatch2.3beta2
ORmozillaseamonkeyMatch2.3beta3
ORmozillaseamonkeyMatch2.3.1
ORmozillaseamonkeyMatch2.3.2
ORmozillaseamonkeyMatch2.3.3
ORmozillaseamonkeyMatch2.4
ORmozillaseamonkeyMatch2.4beta1
ORmozillaseamonkeyMatch2.4beta2
ORmozillaseamonkeyMatch2.4beta3
ORmozillaseamonkeyMatch2.4.1
ORmozillaseamonkeyMatch2.5
ORmozillaseamonkeyMatch2.5beta1
ORmozillaseamonkeyMatch2.5beta2
ORmozillaseamonkeyMatch2.5beta3
ORmozillaseamonkeyMatch2.5beta4
ORmozillaseamonkeyMatch2.6
ORmozillaseamonkeyMatch2.6beta1
ORmozillaseamonkeyMatch2.6beta2
ORmozillaseamonkeyMatch2.6beta3
ORmozillaseamonkeyMatch2.6beta4
ORmozillaseamonkeyMatch2.6.1
ORmozillaseamonkeyMatch2.7
ORmozillaseamonkeyMatch2.7beta1
ORmozillaseamonkeyMatch2.7beta2
ORmozillaseamonkeyMatch2.7beta3
ORmozillaseamonkeyMatch2.7beta4
ORmozillaseamonkeyMatch2.7beta5
ORmozillaseamonkeyMatch2.7.1
ORmozillaseamonkeyMatch2.7.2
ORmozillaseamonkeyMatch2.8
ORmozillaseamonkeyMatch2.8beta1
ORmozillaseamonkeyMatch2.8beta2
ORmozillaseamonkeyMatch2.8beta3
ORmozillaseamonkeyMatch2.8beta4
ORmozillaseamonkeyMatch2.8beta5
ORmozillaseamonkeyMatch2.8beta6
ORmozillaseamonkeyMatch2.9
ORmozillaseamonkeyMatch2.9beta1
ORmozillaseamonkeyMatch2.9beta2
ORmozillaseamonkeyMatch2.9beta3
ORmozillaseamonkeyMatch2.9beta4
ORmozillaseamonkeyMatch2.9.1
ORmozillaseamonkeyMatch2.10
ORmozillaseamonkeyMatch2.10beta1
ORmozillaseamonkeyMatch2.10beta2
ORmozillaseamonkeyMatch2.10beta3
ORmozillaseamonkeyMatch2.10.1
ORmozillaseamonkeyMatch2.11
ORmozillaseamonkeyMatch2.11beta1
ORmozillaseamonkeyMatch2.11beta2
ORmozillaseamonkeyMatch2.11beta3
ORmozillaseamonkeyMatch2.11beta4
ORmozillaseamonkeyMatch2.11beta5
ORmozillaseamonkeyMatch2.11beta6
ORmozillaseamonkeyMatch2.12
ORmozillaseamonkeyMatch2.12beta1
ORmozillaseamonkeyMatch2.12beta2
ORmozillaseamonkeyMatch2.12beta3
ORmozillaseamonkeyMatch2.12beta4
ORmozillaseamonkeyMatch2.12beta5
ORmozillaseamonkeyMatch2.12beta6
ORmozillaseamonkeyMatch2.12.1
ORmozillaseamonkeyMatch2.13
ORmozillaseamonkeyMatch2.13beta1
ORmozillaseamonkeyMatch2.13beta2
ORmozillaseamonkeyMatch2.13beta3
ORmozillaseamonkeyMatch2.13beta4
ORmozillaseamonkeyMatch2.13beta5
ORmozillaseamonkeyMatch2.13beta6
ORmozillaseamonkeyMatch2.13.1
ORmozillaseamonkeyMatch2.13.2
ORmozillaseamonkeyMatch2.14
ORmozillaseamonkeyMatch2.14beta1
ORmozillaseamonkeyMatch2.14beta2
ORmozillaseamonkeyMatch2.14beta3
ORmozillaseamonkeyMatch2.14beta4
ORmozillaseamonkeyMatch2.14beta5
ORmozillaseamonkeyMatch2.15
ORmozillaseamonkeyMatch2.15beta1
ORmozillaseamonkeyMatch2.15beta2
ORmozillaseamonkeyMatch2.15beta3
ORmozillaseamonkeyMatch2.15beta4
ORmozillaseamonkeyMatch2.15beta5
ORmozillaseamonkeyMatch2.15beta6
ORmozillaseamonkeyMatch2.15.1
ORmozillaseamonkeyMatch2.15.2
ORmozillaseamonkeyMatch2.16
ORmozillaseamonkeyMatch2.16beta1
ORmozillaseamonkeyMatch2.16beta2
ORmozillaseamonkeyMatch2.16beta3
ORmozillaseamonkeyMatch2.16beta4
ORmozillaseamonkeyMatch2.16beta5
ORmozillaseamonkeyMatch2.16.1
ORmozillaseamonkeyMatch2.16.2
ORmozillaseamonkeyMatch2.17
ORmozillaseamonkeyMatch2.17beta1
ORmozillaseamonkeyMatch2.17beta2
ORmozillaseamonkeyMatch2.17beta3
ORmozillaseamonkeyMatch2.17beta4
ORmozillaseamonkeyMatch2.17.1
ORmozillaseamonkeyMatch2.18beta1
ORmozillaseamonkeyMatch2.18beta2
ORmozillaseamonkeyMatch2.18beta3
ORmozillaseamonkeyMatch2.18beta4
ORmozillaseamonkeyMatch2.19
ORmozillaseamonkeyMatch2.19beta1
ORmozillaseamonkeyMatch2.19beta2
ORmozillaseamonkeyMatch2.20beta1
ORmozillaseamonkeyMatch2.20beta2
Node
mozillafirefoxRange≤22.0
ORmozillafirefoxMatch19.0
ORmozillafirefoxMatch19.0.1
ORmozillafirefoxMatch19.0.2
ORmozillafirefoxMatch20.0
ORmozillafirefoxMatch20.0.1
ORmozillafirefoxMatch21.0
References
lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html
lists.opensuse.org/opensuse-updates/2013-09/msg00060.html
www.mozilla.org/security/announce/2013/mfsa2013-65.html
bugzilla.mozilla.org/show_bug.cgi?id=882865
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18935
Related
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2013-65) - Linux
2021-11-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:1497-1)
2021-06-09 00:00:00
Mozilla SeaMonkey Multiple Vulnerabilities - August 13 (Windows)
2013-08-08 00:00:00
cvelist
cvelist
CVE-2013-1705
2013-08-07 01:00:00
mozilla
mozilla
Buffer underflow when generating CRMF requests — Mozilla
2013-08-06 00:00:00
prion
prion
Heap overflow
2013-08-07 01:55:00
ubuntucve
ubuntucve
CVE-2013-1705
2013-08-06 00:00:00
nvd
nvd
CVE-2013-1705
2013-08-07 01:55:04
nessus
nessus
openSUSE Security Update : xulrunner17 (openSUSE-SU-2013:1496-1)
2014-06-13 00:00:00
SuSE 11.2 / 11.3 Security Update : Mozilla Firefox (SAT Patch Numbers 8344 / 8346)
2013-09-28 00:00:00
Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox vulnerabilities (USN-1924-1)
2013-08-07 00:00:00
suse
suse
Security update for Mozilla Firefox (important)
2013-09-27 22:04:14
Mozilla updates August 2013 (important)
2013-08-14 03:05:38
ubuntu
ubuntu
Ubufox and Unity Firefox Extension update
2013-08-06 00:00:00
Firefox vulnerabilities
2013-08-06 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-08-06 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-08-12 00:00:00
mageia
mageia
Updated iceape packages fix many vulnerabilities
2013-11-21 00:16:49
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-09-27 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.6 High
AI Score
Confidence
Low
0.06 Low
EPSS
Percentile
93.5%
Related for CVE-2013-1705