CVE-2013-5607

Currently unrated

Key Information:

Vendor: Mozilla
Status: Netscape Portable Runtime
Vendor: CVE Published:; 20 November 2013

Summary

Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741.

References

http://www.oracle.com/technetwork/topics/security/ovmbull...

x_refsource_CONFIRM

http://www.debian.org/security/2013/dsa-2820

vendor-advisoryx_refsource_DEBIAN

https://security.gentoo.org/glsa/201504-01

vendor-advisoryx_refsource_GENTOO

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 20, 2013
Vulnerability Reserved
Aug 26, 2013