Denial of Service Vulnerability in Mozilla Products
CVE-2013-0791

Currently unrated

Key Information:

Vendor: Mozilla
Status: Thunderbird; Seamonkey; Thunderbird Esr; Firefox Esr
Vendor: CVE Published:; 3 April 2013

What is CVE-2013-0791?

The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS) allows remote attackers to exploit a vulnerability that leads to a denial of service. By sending a specially crafted certificate, an attacker can trigger an out-of-bounds read and memory corruption, potentially causing application crashes. This issue affects several versions of Mozilla products, including Firefox and Thunderbird.

References

http://www.oracle.com/technetwork/topics/security/ovmbull...

x_refsource_CONFIRM

http://lists.opensuse.org/opensuse-security-announce/2013...

vendor-advisoryx_refsource_SUSE

http://www.ubuntu.com/usn/USN-1791-1

vendor-advisoryx_refsource_UBUNTU

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 3, 2013
Vulnerability Reserved
Jan 2, 2013