7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.101 Low
EPSS
Percentile
95.0%
Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape
Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1,
Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey
before 2.22.1, allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a crafted
X.509 certificate, a related issue to CVE-2013-1741.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | firefox | < 25.0.1+build1-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 12.10 | noarch | firefox | < 25.0.1+build1-0ubuntu0.12.10.1 | UNKNOWN |
ubuntu | 13.04 | noarch | firefox | < 25.0.1+build1-0ubuntu0.13.04.1 | UNKNOWN |
ubuntu | 13.10 | noarch | firefox | < 25.0.1+build1-0ubuntu0.13.10.1 | UNKNOWN |
ubuntu | 10.04 | noarch | nspr | < 4.9.5-0ubuntu0.10.04.2 | UNKNOWN |
ubuntu | 12.04 | noarch | nspr | < 4.9.5-0ubuntu0.12.04.2 | UNKNOWN |
ubuntu | 12.10 | noarch | nspr | < 4.9.5-0ubuntu0.12.10.2 | UNKNOWN |
ubuntu | 13.10 | noarch | nspr | < 2:4.9.5-1ubuntu1.1 | UNKNOWN |
ubuntu | 12.04 | noarch | thunderbird | < 1:24.1.1+build1-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 12.10 | noarch | thunderbird | < 1:24.1.1+build1-0ubuntu0.12.10.1 | UNKNOWN |
www.mozilla.org/security/announce/2013/mfsa2013-103.html
groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/_8AcygMEjSA
launchpad.net/bugs/cve/CVE-2013-5607
nvd.nist.gov/vuln/detail/CVE-2013-5607
security-tracker.debian.org/tracker/CVE-2013-5607
ubuntu.com/security/notices/USN-2031-1
ubuntu.com/security/notices/USN-2032-1
ubuntu.com/security/notices/USN-2087-1
www.cve.org/CVERecord?id=CVE-2013-5607