CVE-2013-0791: Buffer Overflow
First published: Wed Apr 03 2013(Updated: )
The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <=20.0 | |
| Mozilla Firefox ESR | >=17.0<17.0.5 | |
| Mozilla NSS ESR | <3.15 | |
| Mozilla SeaMonkey | <2.17 | |
| Mozilla Thunderbird | <17.0.5 | |
| Mozilla Thunderbird ESR | >=17.0<17.0.5 | |
| Ubuntu Linux | =10.04 | |
| Ubuntu Linux | =11.10 | |
| Ubuntu Linux | =12.04 | |
| Ubuntu Linux | =12.10 | |
| Oracle VM Server | =3.2 | |
| redhat enterprise Linux desktop | =5.0 | |
| redhat enterprise Linux desktop | =6.0 | |
| redhat enterprise Linux eus | =5.9 | |
| redhat enterprise Linux server | =5.0 | |
| redhat enterprise Linux server | =6.0 | |
| redhat enterprise Linux server aus | =5.9 | |
| redhat enterprise Linux workstation | =5.0 | |
| redhat enterprise Linux workstation | =6.0 | |
| Mozilla Firefox and Thunderbird | <=20.0 | |
| Mozilla Firefox and Thunderbird | >=17.0<17.0.5 | |
| Mozilla Firefox and Thunderbird | <17.0.5 | |
| Mozilla Thunderbird | >=17.0<17.0.5 | |
| Ubuntu | =10.04 | |
| Ubuntu | =11.10 | |
| Ubuntu | =12.04 | |
| Ubuntu | =12.10 | |
| Red Hat Enterprise Linux Desktop | =5.0 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux Server | =5.0 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Server | =5.9 | |
| Red Hat Enterprise Linux Workstation | =5.0 | |
| Red Hat Enterprise Linux Workstation | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html
- http://rhn.redhat.com/errata/RHSA-2013-1135.html
- http://rhn.redhat.com/errata/RHSA-2013-1144.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-40.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/58826
- http://www.ubuntu.com/usn/USN-1791-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=629816
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17150
Frequently Asked Questions
What is the severity of CVE-2013-0791?
CVE-2013-0791 is classified as a high severity vulnerability due to its potential to cause denial of service.
How do I fix CVE-2013-0791?
To fix CVE-2013-0791, update to the latest version of the affected software including Mozilla Firefox version 20.0 or later.
What types of software are affected by CVE-2013-0791?
CVE-2013-0791 affects several products including Mozilla Firefox, Thunderbird, SeaMonkey, and Mozilla NSS.
Is CVE-2013-0791 present in older versions of Ubuntu?
Yes, CVE-2013-0791 is present in certain versions of Ubuntu, such as Ubuntu 10.04 and 12.04, among others.
What is the impact of exploiting CVE-2013-0791?
Exploiting CVE-2013-0791 can lead to a denial of service, impacting the availability of the affected applications.
- agent/type
- agent/references
- agent/severity
- agent/remedy
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/tags
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/20.0
- canonical/mozilla firefox esr
- version/mozilla firefox esr/17.0
- canonical/mozilla nss esr
- canonical/mozilla seamonkey
- canonical/mozilla thunderbird
- canonical/mozilla thunderbird esr
- version/mozilla thunderbird esr/17.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/10.04
- version/ubuntu linux/11.10
- version/ubuntu linux/12.04
- version/ubuntu linux/12.10
- vendor/oracle
- canonical/oracle vm server
- version/oracle vm server/3.2
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/5.0
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/5.9
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/5.0
- version/redhat enterprise linux server/6.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/5.9
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/5.0
- version/redhat enterprise linux workstation/6.0
- canonical/mozilla firefox and thunderbird
- version/mozilla firefox and thunderbird/20.0
- version/mozilla firefox and thunderbird/17.0
- version/mozilla thunderbird/17.0
- canonical/ubuntu
- version/ubuntu/10.04
- version/ubuntu/11.10
- version/ubuntu/12.04
- version/ubuntu/12.10
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/5.0
- version/red hat enterprise linux desktop/6.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/5.0
- version/red hat enterprise linux server/6.0
- version/red hat enterprise linux server/5.9
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/5.0
- version/red hat enterprise linux workstation/6.0