Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2013-5607 | First vendor Publication | 2013-11-20 |
Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:19778 | |||
Oval ID: | oval:org.mitre.oval:def:19778 | ||
Title: | Avoid unsigned integer wrapping in PL_ArenaAllocate | ||
Description: | Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-5607 | Version: | 7 |
Platform(s): | Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Vista, Microsoft Windows XP, Microsoft Windows 8, Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox, Mozilla Seamonkey |
Definition Id: oval:org.mitre.oval:def:19893 | |||
Oval ID: | oval:org.mitre.oval:def:19893 | ||
Title: | USN-2032-1 -- thunderbird vulnerabilities | ||
Description: | Several security issues were fixed in Thunderbird. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2032-1 CVE-2013-1741 CVE-2013-2566 CVE-2013-5605 CVE-2013-5607 | Version: | 5 |
Platform(s): | Ubuntu 13.10 Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | thunderbird |
Definition Id: oval:org.mitre.oval:def:19958 | |||
Oval ID: | oval:org.mitre.oval:def:19958 | ||
Title: | USN-2031-1 -- firefox vulnerabilities | ||
Description: | Several security issues were fixed in Firefox. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2031-1 CVE-2013-1741 CVE-2013-2566 CVE-2013-5605 CVE-2013-5607 | Version: | 5 |
Platform(s): | Ubuntu 13.10 Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | firefox |
Definition Id: oval:org.mitre.oval:def:20606 | |||
Oval ID: | oval:org.mitre.oval:def:20606 | ||
Title: | RHSA-2013:1829: nss, nspr, and nss-util security update (Important) | ||
Description: | Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:1829-00 CESA-2013:1829 CVE-2013-1739 CVE-2013-1741 CVE-2013-5605 CVE-2013-5606 CVE-2013-5607 | Version: | 75 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | nspr nss nss-util |
Definition Id: oval:org.mitre.oval:def:21069 | |||
Oval ID: | oval:org.mitre.oval:def:21069 | ||
Title: | DSA-2820-1 nspr - integer overflow | ||
Description: | It was discovered that NSPR, Netscape Portable Runtime library, could crash an application using the library when parsing a certificate that causes an integer overflow. This flaw only affects 64-bit systems. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2820-1 CVE-2013-5607 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7 | Product(s): | nspr |
Definition Id: oval:org.mitre.oval:def:21104 | |||
Oval ID: | oval:org.mitre.oval:def:21104 | ||
Title: | RHSA-2013:1791: nss and nspr security, bug fix, and enhancement update (Important) | ||
Description: | Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:1791-00 CESA-2013:1791 CVE-2013-1739 CVE-2013-1741 CVE-2013-5605 CVE-2013-5606 CVE-2013-5607 | Version: | 73 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | nspr nss |
Definition Id: oval:org.mitre.oval:def:22452 | |||
Oval ID: | oval:org.mitre.oval:def:22452 | ||
Title: | USN-2087-1 -- nspr vulnerability | ||
Description: | NSPR could be made to crash or run programs if it received a specially crafted certificate. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2087-1 CVE-2013-5607 | Version: | 5 |
Platform(s): | Ubuntu 13.10 Ubuntu 12.10 Ubuntu 12.04 Ubuntu 10.04 | Product(s): | nspr |
Definition Id: oval:org.mitre.oval:def:23177 | |||
Oval ID: | oval:org.mitre.oval:def:23177 | ||
Title: | ELSA-2013:1791: nss and nspr security, bug fix, and enhancement update (Important) | ||
Description: | Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:1791-00 CVE-2013-1739 CVE-2013-1741 CVE-2013-5605 CVE-2013-5606 CVE-2013-5607 | Version: | 25 |
Platform(s): | Oracle Linux 5 | Product(s): | nspr nss |
Definition Id: oval:org.mitre.oval:def:24183 | |||
Oval ID: | oval:org.mitre.oval:def:24183 | ||
Title: | ELSA-2013:1829: nss, nspr, and nss-util security update (Important) | ||
Description: | Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:1829-00 CVE-2013-1739 CVE-2013-1741 CVE-2013-5605 CVE-2013-5606 CVE-2013-5607 | Version: | 25 |
Platform(s): | Oracle Linux 6 | Product(s): | nspr nss nss-util |
Definition Id: oval:org.mitre.oval:def:27219 | |||
Oval ID: | oval:org.mitre.oval:def:27219 | ||
Title: | DEPRECATED: ELSA-2013-1829 -- nss, nspr, and nss-util security update (important) | ||
Description: | nspr [4.10.0-2] - Rebase to nspr-4.10.2 - Resolves: rhbz#1032485 - CVE-2013-5607 (MFSA 2013-103) Avoid unsigned integer wrapping in PL_ArenaAllocate (MFSA 2013-103) nss [3.15.3-2.0.1] - Added nss-vendor.patch to change vendor [3.15.3-2] - Enable patch with fix for deadlock in trust domain lock and object lock - Resolves: Bug 1036477 - deadlock in trust domain lock and object lock - Disable hw gcm on rhel-5 based build environments where OS lacks support - Rollback changes to build nss without softokn until Bug 689919 is approved - Cipher suite was run as part of the nss-softokn build [3.15.3-1] - Update to NSS_3_15_3_RTM - Resolves: Bug 1032470 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss-util [3.15.3-1] - Update to NSS_3_15_3_RTM - Resolves: rhbz#1032470 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-1829 CVE-2013-1739 CVE-2013-1741 CVE-2013-5605 CVE-2013-5606 CVE-2013-5607 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | nspr nss nss-util |
Definition Id: oval:org.mitre.oval:def:27325 | |||
Oval ID: | oval:org.mitre.oval:def:27325 | ||
Title: | DEPRECATED: ELSA-2013-1791 -- nss and nspr security, bug fix, and enhancement update (important) | ||
Description: | nspr [4.10.2-2] - Fix changelog comments - Resolves: rhbz#1032466 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws [rhel-5.10] | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-1791 CVE-2013-1739 CVE-2013-1741 CVE-2013-5605 CVE-2013-5606 CVE-2013-5607 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | nspr nss |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-11-21 | IAVM : 2013-A-0220 - Multiple Vulnerabilities in Mozilla Products Severity : Category I - VMSKEY : V0042380 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-04-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201504-01.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0041.nasl - Type : ACT_GATHER_INFO |
2014-06-23 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-19.nasl - Type : ACT_GATHER_INFO |
2014-01-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2087-1.nasl - Type : ACT_GATHER_INFO |
2013-12-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-266.nasl - Type : ACT_GATHER_INFO |
2013-12-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-265.nasl - Type : ACT_GATHER_INFO |
2013-12-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2820.nasl - Type : ACT_GATHER_INFO |
2013-12-14 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131212_nss__nspr__and_nss_util_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2013-12-13 | Name : The remote Fedora host is missing a security update. File : fedora_2013-23139.nasl - Type : ACT_GATHER_INFO |
2013-12-13 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1829.nasl - Type : ACT_GATHER_INFO |
2013-12-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1829.nasl - Type : ACT_GATHER_INFO |
2013-12-13 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1829.nasl - Type : ACT_GATHER_INFO |
2013-12-11 | Name : The remote Fedora host is missing a security update. File : fedora_2013-23159.nasl - Type : ACT_GATHER_INFO |
2013-12-10 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131205_nss_and_nspr_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-12-06 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1791.nasl - Type : ACT_GATHER_INFO |
2013-12-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1791.nasl - Type : ACT_GATHER_INFO |
2013-12-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1791.nasl - Type : ACT_GATHER_INFO |
2013-12-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_nss-201311-131121.nasl - Type : ACT_GATHER_INFO |
2013-11-22 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_24_1_1.nasl - Type : ACT_GATHER_INFO |
2013-11-22 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2032-1.nasl - Type : ACT_GATHER_INFO |
2013-11-22 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_24_1_1.nasl - Type : ACT_GATHER_INFO |
2013-11-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-270.nasl - Type : ACT_GATHER_INFO |
2013-11-21 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2031-1.nasl - Type : ACT_GATHER_INFO |
2013-11-18 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_2501.nasl - Type : ACT_GATHER_INFO |
2013-11-18 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_24_1_1_esr.nasl - Type : ACT_GATHER_INFO |
2013-11-18 | Name : The remote Windows host contains a web browser that is potentially affected b... File : seamonkey_2221.nasl - Type : ACT_GATHER_INFO |
2013-11-18 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_25_0_1.nasl - Type : ACT_GATHER_INFO |
2013-11-18 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_24_1_1_esr.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2024-11-28 12:37:03 | |
2024-11-01 01:25:06 | |
2024-10-22 09:28:15 | |
2024-10-21 17:28:21 | |
2024-08-02 12:25:25 | |
2024-08-02 01:07:35 | |
2024-02-10 01:22:42 | |
2024-02-02 01:24:43 | |
2024-02-01 12:07:20 | |
2023-09-05 12:23:22 | |
2023-09-05 01:07:14 | |
2023-09-02 12:23:22 | |
2023-09-02 01:07:19 | |
2023-08-22 12:21:07 | |
2023-07-14 01:06:58 | |
2023-03-28 12:07:16 | |
2022-10-11 01:07:00 | |
2021-05-05 01:13:34 | |
2021-05-04 12:27:46 | |
2021-04-22 01:33:33 | |
2020-10-14 01:10:04 | |
2020-10-03 01:10:09 | |
2020-05-29 01:09:17 | |
2020-05-24 01:12:23 | |
2020-05-23 00:38:23 | |
2018-12-04 12:05:22 | |
2018-01-18 12:05:39 | |
2018-01-09 13:22:58 | |
2017-11-22 12:05:38 | |
2017-11-21 12:04:47 | |
2016-12-31 09:24:19 | |
2016-12-22 09:23:33 | |
2016-11-29 00:24:50 | |
2016-09-09 09:23:16 | |
2016-06-28 19:44:29 | |
2016-04-26 23:40:52 | |
2015-04-09 13:28:38 | |
2014-11-08 13:31:11 | |
2014-07-18 09:22:04 | |
2014-06-24 13:22:31 | |
2014-03-06 13:23:01 | |
2014-02-17 11:23:22 | |
2014-01-28 13:19:57 | |
2013-11-25 17:21:15 | |
2013-11-21 17:19:36 | |
2013-11-20 21:21:06 | |
2013-11-20 17:19:57 | |