CVE-2013-1705: Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

Severity: 10.0 CRITICAL (NVD)
EPSS: 5.3% (top 9.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 7; Latest update May 17

Description

Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages: 2 packages

NVD mozilla/firefox 22.0 +6
NVD mozilla/seamonkey 2.20 +52

🔴 Vulnerability Details (2)

GHSA
GHSA-3p9p-84c4-78r8: Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23 (2022-05-17)
CVEList
CVE-2013-1705: Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23 (2013-08-07)

📋 Vendor Advisories (3)

Ubuntu
Firefox vulnerabilities (2013-08-06)
Red Hat
Mozilla: Buffer underflow when generating CRMF requests (MFSA 2013-65) (2013-08-06)
Red Hat
mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Jan 2013) (2013-01-15)

💬 Community (2)

Bugzilla
CVE-2013-1705 Mozilla: Buffer underflow when generating CRMF requests (MFSA 2013-65) (2013-08-07)
Bugzilla
CVE-2012-1705 mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Jan 2013) (2013-01-16)
CVE-2013-1705 — Mozilla Firefox vulnerability | cvebase