Vulnerability Details : CVE-2013-5607
Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2013-5607
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:21.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:22.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:23.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:23.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:24.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.13:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.10:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.10:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.10:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.11:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.11:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.11:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.11:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.11:beta5:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.11:beta6:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.12:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.12:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.12:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.12:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.12:beta5:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.12:beta6:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.13:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.13:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.13:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.13:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.13:beta5:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.17:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.17:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.16:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.16:beta5:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.15:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.15:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.13:beta6:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.16:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.16.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.15.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.15:beta5:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.14:beta5:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.14:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.17:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.16:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.16.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.15:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.15:beta6:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.14:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.14:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.16:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.16:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.15:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.15:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.14:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.20:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.19:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.19:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.19:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.17:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.18:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.18:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.18:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.20:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.18:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.17.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.17:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.20:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.20:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.22:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.21:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.21:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.21:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.22:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:24.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:24.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.5.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-5607
5.69%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-5607
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2013-5607
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-5607
-
http://www.ubuntu.com/usn/USN-2031-1
USN-2031-1: Firefox vulnerabilities | Ubuntu security notices
-
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
Juniper Networks - 2016-10 Security Bulletin: CTPView: Multiple vulnerabilities in CTPView
-
http://www.debian.org/security/2013/dsa-2820
Debian -- Security Information -- DSA-2820-1 nspr
-
http://www.ubuntu.com/usn/USN-2087-1
USN-2087-1: NSPR vulnerability | Ubuntu security notices
-
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html
[security-announce] SUSE-SU-2013:1807-1: important: Security update for
-
https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/_8AcygMEjSA/mm_cqQzLPFQJ
-
http://www.securityfocus.com/bid/63802
Mozilla Netscape Portable Runtime CVE-2013-5607 Integer Overflow Vulnerability
-
https://security.gentoo.org/glsa/201504-01
Mozilla Products: Multiple vulnerabilities (GLSA 201504-01) — Gentoo security
-
http://security.gentoo.org/glsa/glsa-201406-19.xml
Mozilla Network Security Service: Multiple vulnerabilities (GLSA 201406-19) — Gentoo security
-
http://www.ubuntu.com/usn/USN-2032-1
USN-2032-1: Thunderbird vulnerabilities | Ubuntu security notices
-
http://www.mozilla.org/security/announce/2013/mfsa2013-103.html
Miscellaneous Network Security Services (NSS) vulnerabilities — MozillaVendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2013-1829.html
RHSA-2013:1829 - Security Advisory - Red Hat Customer Portal
-
http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html
openSUSE-SU-2013:1732-1: moderate: update for mozilla-nss
-
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Oracle VM Server for x86 Bulletin - July 2016
-
http://rhn.redhat.com/errata/RHSA-2013-1791.html
RHSA-2013:1791 - Security Advisory - Red Hat Customer Portal
-
https://bugzilla.mozilla.org/show_bug.cgi?id=927687
927687 - (CVE-2013-5607) Avoid unsigned integer wrapping in PL_ArenaAllocate
Jump to