CVE-2013-5619 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2013-5619?

CVE-2013-5619 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-5619?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Opensuse, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit, Mozilla Firefox.

Vulnerability Description

Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Opensuse	Opensuse	12.2
Suse	Linux Enterprise Desktop	11
Suse	Linux Enterprise Server	11
Suse	Linux Enterprise Software Development Kit	11
Mozilla	Firefox	< 26.0
Mozilla	Seamonkey	< 2.23
Canonical	Ubuntu Linux	12.04
Fedoraproject	Fedora	19
Oracle	Solaris	11.3

Related Weaknesses (CWE)

CWE-190

References

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.hMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.hMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.htmlMailing ListThird Party Advisory
http://www.mozilla.org/security/announce/2013/mfsa2013-110.htmlVendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
http://www.securitytracker.com/id/1029470Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1029476Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-2052-1Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=917841Issue TrackingVendor Advisory
https://security.gentoo.org/glsa/201504-01Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.hMailing ListThird Party Advisory

FAQ

What is CVE-2013-5619?

CVE-2013-5619 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-o...

How severe is CVE-2013-5619?

CVE-2013-5619 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-5619?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Opensuse, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit, Mozilla Firefox.