PT-2013-5677 · Mozilla+4 · Firefox+6
Wan-Teh Chang
·
Published
2013-11-15
·
Updated
2024-10-21
·
CVE-2013-5607
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions prior to 25.0.1
Mozilla Firefox ESR 17.x versions prior to 17.0.11
Mozilla Firefox ESR 24.x versions prior to 24.1.1
SeaMonkey versions prior to 2.22.1
NSPR versions prior to 4.10.2
Description
The issue is related to an integer overflow in the
PL ArenaAllocate function, which can be triggered by a crafted X.509 certificate. This can cause a denial of service, resulting in an application crash, and may have other unspecified impacts.Recommendations
For Mozilla Firefox versions prior to 25.0.1, update to version 25.0.1 or later.
For Mozilla Firefox ESR 17.x versions prior to 17.0.11, update to version 17.0.11 or later.
For Mozilla Firefox ESR 24.x versions prior to 24.1.1, update to version 24.1.1 or later.
For SeaMonkey versions prior to 2.22.1, update to version 2.22.1 or later.
For NSPR versions prior to 4.10.2, update to version 4.10.2 or later.
Exploit
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Centos
Firefox
Nspr
Red Hat
Seamonkey
Suse