CVE-2013-0791 — MEDIUM (5.0)

Q: How severe is CVE-2013-0791?

CVE-2013-0791 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-0791?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Network Security Services, Mozilla Seamonkey, Mozilla Thunderbird, Mozilla Thunderbird Esr.

Vulnerability Description

The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	<= 20.0
Mozilla	Network Security Services	< 3.15
Mozilla	Seamonkey	< 2.17
Mozilla	Thunderbird	< 17.0.5
Mozilla	Thunderbird Esr	>= 17.0, < 17.0.5
Canonical	Ubuntu Linux	10.04
Oracle	Vm Server	3.2
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Eus	5.9
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Server Aus	5.9
Redhat	Enterprise Linux Workstation	5.0

Related Weaknesses (CWE)

CWE-119

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.htmlBroken Link
http://rhn.redhat.com/errata/RHSA-2013-1135.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1144.htmlThird Party Advisory
http://www.mozilla.org/security/announce/2013/mfsa2013-40.htmlVendor Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmThird Party Advisory
http://www.securityfocus.com/bid/58826Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-1791-1Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=629816Issue TrackingPatchVendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken Link
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.htmlBroken Link

FAQ

What is CVE-2013-0791?

CVE-2013-0791 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x ...

How severe is CVE-2013-0791?

CVE-2013-0791 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-0791?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Network Security Services, Mozilla Seamonkey, Mozilla Thunderbird, Mozilla Thunderbird Esr.