CVE-2013-1739 — Mozilla Network Security Services vulnerability

10 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

2.9%

top 13.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla NSS Mozilla Network Security Services

Timeline

PublishedOct 22

Latest updateMay 14

Description

Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmozilla/network_security_services3.15.1+19

▶Debianmozilla/nss< 2:3.15.2-1+3

🔴Vulnerability Details

GHSA

GHSA-9j62-mm37-x965: Mozilla Network Security Services (NSS) before 3↗2022-05-14

▶

OSV

CVE-2013-1739: Mozilla Network Security Services (NSS) before 3↗2013-10-22

▶

CVEList

CVE-2013-1739: Mozilla Network Security Services (NSS) before 3↗2013-10-22

▶

📋Vendor Advisories

Ubuntu

NSS vulnerabilities↗2013-11-18

▶

Ubuntu

Thunderbird vulnerabilities↗2013-10-31

▶

Ubuntu

Firefox vulnerabilities↗2013-10-29

▶

Red Hat

nss: Avoid uninitialized data read in the event of a decryption failure↗2013-10-17

▶

Debian

CVE-2013-1739: nss - Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data ...↗2013

▶

💬Community

Bugzilla

CVE-2013-1739 nss: Avoid uninitialized data read in the event of a decryption failure↗2013-09-27

▶