CVE-2013-0791

CWE-119Buffer Overflow9 documents8 sources
Severity
5.0MEDIUM
EPSS
2.1%
top 16.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
Mozilla FirefoxMozilla Network Security ServicesMozilla Seamonkey+9 more
Timeline
PublishedApr 3
Latest updateMay 17

Description

The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages10 packages

NVDmozilla/firefox17.017.0.5+1
NVDmozilla/thunderbird< 17.0.5
NVDmozilla/thunderbird_esr17.017.0.5
NVDmozilla/seamonkey< 2.17

Also affects: Ubuntu Linux 10.04, 11.10, 12.04, 12.10, Enterprise Linux 5.9

Patches

Patch: bugzilla.mozilla.orgPatch: bugzilla.mozilla.org

🔴Vulnerability Details

3
GHSA
GHSA-7x34-3f9v-qrcr: The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 202022-05-17
CVEList
CVE-2013-0791: The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 202013-04-03
OSV
CVE-2013-0791: The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 202013-04-03

📋Vendor Advisories

4
Ubuntu
Thunderbird vulnerabilities2013-04-08
Ubuntu
Firefox vulnerabilities2013-04-04
Red Hat
Mozilla: Out-of-bounds array read in CERT_DecodeCertPackage (MFSA 2013-40)2013-04-02
Debian
CVE-2013-0791: nss - The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), ...2013

💬Community

1
Bugzilla
CVE-2013-0791 Mozilla: Out-of-bounds array read in CERT_DecodeCertPackage (MFSA 2013-40)2013-04-01
CVE-2013-0791 (MEDIUM CVSS 5) | The CERT_DecodeCertPackage function | cvebase.io