CVE-2013-5607: Integer Overflow
First published: Wed Nov 20 2013(Updated: )
Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netscape Portable Runtime | <=4.10.1 | |
| Netscape Portable Runtime | =4.1.1 | |
| Netscape Portable Runtime | =4.1.2 | |
| Netscape Portable Runtime | =4.2 | |
| Netscape Portable Runtime | =4.2.2 | |
| Netscape Portable Runtime | =4.3 | |
| Netscape Portable Runtime | =4.4.1 | |
| Netscape Portable Runtime | =4.5.1 | |
| Netscape Portable Runtime | =4.6 | |
| Netscape Portable Runtime | =4.6.1 | |
| Netscape Portable Runtime | =4.6.2 | |
| Netscape Portable Runtime | =4.6.3 | |
| Netscape Portable Runtime | =4.6.4 | |
| Netscape Portable Runtime | =4.6.5 | |
| Netscape Portable Runtime | =4.6.6 | |
| Netscape Portable Runtime | =4.6.7 | |
| Netscape Portable Runtime | =4.6.8 | |
| Netscape Portable Runtime | =4.7 | |
| Netscape Portable Runtime | =4.7.1 | |
| Netscape Portable Runtime | =4.7.2 | |
| Netscape Portable Runtime | =4.7.3 | |
| Netscape Portable Runtime | =4.7.4 | |
| Netscape Portable Runtime | =4.7.5 | |
| Netscape Portable Runtime | =4.7.6 | |
| Netscape Portable Runtime | =4.8 | |
| Netscape Portable Runtime | =4.8.2 | |
| Netscape Portable Runtime | =4.8.3 | |
| Netscape Portable Runtime | =4.8.4 | |
| Netscape Portable Runtime | =4.8.5 | |
| Netscape Portable Runtime | =4.8.6 | |
| Netscape Portable Runtime | =4.8.7 | |
| Netscape Portable Runtime | =4.8.8 | |
| Netscape Portable Runtime | =4.8.9 | |
| Netscape Portable Runtime | =4.9 | |
| Netscape Portable Runtime | =4.9.1 | |
| Netscape Portable Runtime | =4.9.2 | |
| Netscape Portable Runtime | =4.9.3 | |
| Netscape Portable Runtime | =4.9.4 | |
| Netscape Portable Runtime | =4.9.5 | |
| Netscape Portable Runtime | =4.9.6 | |
| Netscape Portable Runtime | =4.10 | |
| Mozilla SeaMonkey | <=2.22 | |
| Mozilla SeaMonkey | =2.0 | |
| Mozilla SeaMonkey | =2.0-alpha_1 | |
| Mozilla SeaMonkey | =2.0-alpha_2 | |
| Mozilla SeaMonkey | =2.0-alpha_3 | |
| Mozilla SeaMonkey | =2.0-beta_1 | |
| Mozilla SeaMonkey | =2.0-beta_2 | |
| Mozilla SeaMonkey | =2.0-rc1 | |
| Mozilla SeaMonkey | =2.0-rc2 | |
| Mozilla SeaMonkey | =2.0.1 | |
| Mozilla SeaMonkey | =2.0.2 | |
| Mozilla SeaMonkey | =2.0.3 | |
| Mozilla SeaMonkey | =2.0.4 | |
| Mozilla SeaMonkey | =2.0.5 | |
| Mozilla SeaMonkey | =2.0.6 | |
| Mozilla SeaMonkey | =2.0.7 | |
| Mozilla SeaMonkey | =2.0.8 | |
| Mozilla SeaMonkey | =2.0.9 | |
| Mozilla SeaMonkey | =2.0.10 | |
| Mozilla SeaMonkey | =2.0.11 | |
| Mozilla SeaMonkey | =2.0.12 | |
| Mozilla SeaMonkey | =2.0.13 | |
| Mozilla SeaMonkey | =2.0.14 | |
| Mozilla SeaMonkey | =2.1 | |
| Mozilla SeaMonkey | =2.1-alpha1 | |
| Mozilla SeaMonkey | =2.1-alpha2 | |
| Mozilla SeaMonkey | =2.1-alpha3 | |
| Mozilla SeaMonkey | =2.1-beta1 | |
| Mozilla SeaMonkey | =2.1-beta2 | |
| Mozilla SeaMonkey | =2.1-beta3 | |
| Mozilla SeaMonkey | =2.1-rc1 | |
| Mozilla SeaMonkey | =2.1-rc2 | |
| Mozilla SeaMonkey | =2.10 | |
| Mozilla SeaMonkey | =2.10-beta1 | |
| Mozilla SeaMonkey | =2.10-beta2 | |
| Mozilla SeaMonkey | =2.10-beta3 | |
| Mozilla SeaMonkey | =2.10.1 | |
| Mozilla SeaMonkey | =2.11 | |
| Mozilla SeaMonkey | =2.11-beta1 | |
| Mozilla SeaMonkey | =2.11-beta2 | |
| Mozilla SeaMonkey | =2.11-beta3 | |
| Mozilla SeaMonkey | =2.11-beta4 | |
| Mozilla SeaMonkey | =2.11-beta5 | |
| Mozilla SeaMonkey | =2.11-beta6 | |
| Mozilla SeaMonkey | =2.12 | |
| Mozilla SeaMonkey | =2.12-beta1 | |
| Mozilla SeaMonkey | =2.12-beta2 | |
| Mozilla SeaMonkey | =2.12-beta3 | |
| Mozilla SeaMonkey | =2.12-beta4 | |
| Mozilla SeaMonkey | =2.12-beta5 | |
| Mozilla SeaMonkey | =2.12-beta6 | |
| Mozilla SeaMonkey | =2.12.1 | |
| Mozilla SeaMonkey | =2.13 | |
| Mozilla SeaMonkey | =2.13-beta1 | |
| Mozilla SeaMonkey | =2.13-beta2 | |
| Mozilla SeaMonkey | =2.13-beta3 | |
| Mozilla SeaMonkey | =2.13-beta4 | |
| Mozilla SeaMonkey | =2.13-beta5 | |
| Mozilla SeaMonkey | =2.13-beta6 | |
| Mozilla SeaMonkey | =2.13.1 | |
| Mozilla SeaMonkey | =2.13.2 | |
| Mozilla SeaMonkey | =2.14 | |
| Mozilla SeaMonkey | =2.14-beta1 | |
| Mozilla SeaMonkey | =2.14-beta2 | |
| Mozilla SeaMonkey | =2.14-beta3 | |
| Mozilla SeaMonkey | =2.14-beta4 | |
| Mozilla SeaMonkey | =2.14-beta5 | |
| Mozilla SeaMonkey | =2.15 | |
| Mozilla SeaMonkey | =2.15-beta1 | |
| Mozilla SeaMonkey | =2.15-beta2 | |
| Mozilla SeaMonkey | =2.15-beta3 | |
| Mozilla SeaMonkey | =2.15-beta4 | |
| Mozilla SeaMonkey | =2.15-beta5 | |
| Mozilla SeaMonkey | =2.15-beta6 | |
| Mozilla SeaMonkey | =2.15.1 | |
| Mozilla SeaMonkey | =2.15.2 | |
| Mozilla SeaMonkey | =2.16 | |
| Mozilla SeaMonkey | =2.16-beta1 | |
| Mozilla SeaMonkey | =2.16-beta2 | |
| Mozilla SeaMonkey | =2.16-beta3 | |
| Mozilla SeaMonkey | =2.16-beta4 | |
| Mozilla SeaMonkey | =2.16-beta5 | |
| Mozilla SeaMonkey | =2.16.1 | |
| Mozilla SeaMonkey | =2.16.2 | |
| Mozilla SeaMonkey | =2.17 | |
| Mozilla SeaMonkey | =2.17-beta1 | |
| Mozilla SeaMonkey | =2.17-beta2 | |
| Mozilla SeaMonkey | =2.17-beta3 | |
| Mozilla SeaMonkey | =2.17-beta4 | |
| Mozilla SeaMonkey | =2.17.1 | |
| Mozilla SeaMonkey | =2.18-beta1 | |
| Mozilla SeaMonkey | =2.18-beta2 | |
| Mozilla SeaMonkey | =2.18-beta3 | |
| Mozilla SeaMonkey | =2.18-beta4 | |
| Mozilla SeaMonkey | =2.19 | |
| Mozilla SeaMonkey | =2.19-beta1 | |
| Mozilla SeaMonkey | =2.19-beta2 | |
| Mozilla SeaMonkey | =2.20 | |
| Mozilla SeaMonkey | =2.20-beta1 | |
| Mozilla SeaMonkey | =2.20-beta2 | |
| Mozilla SeaMonkey | =2.20-beta3 | |
| Mozilla SeaMonkey | =2.21 | |
| Mozilla SeaMonkey | =2.21-beta1 | |
| Mozilla SeaMonkey | =2.21-beta2 | |
| Mozilla SeaMonkey | =2.22-beta1 | |
| Mozilla SeaMonkey | =2.22-beta2 | |
| Firefox | =17.0 | |
| Firefox | =17.0.1 | |
| Firefox | =17.0.2 | |
| Firefox | =17.0.3 | |
| Firefox | =17.0.4 | |
| Firefox | =17.0.5 | |
| Firefox | =17.0.6 | |
| Firefox | =17.0.7 | |
| Firefox | =17.0.8 | |
| Firefox | =17.0.9 | |
| Firefox | =17.0.10 | |
| Firefox | =24.0 | |
| Firefox ESR | =24.0.1 | |
| Firefox ESR | =24.0.2 | |
| Firefox | <=25.0 | |
| Firefox | =19.0 | |
| Firefox | =19.0.1 | |
| Firefox | =19.0.2 | |
| Firefox | =20.0 | |
| Firefox | =20.0.1 | |
| Firefox | =21.0 | |
| Firefox | =22.0 | |
| Firefox | =23.0 | |
| Firefox | =23.0.1 | |
| Firefox ESR | =17.0 | |
| Firefox ESR | =17.0.1 | |
| Firefox ESR | =17.0.2 | |
| Firefox ESR | =17.0.3 | |
| Firefox ESR | =17.0.4 | |
| Firefox ESR | =17.0.5 | |
| Firefox ESR | =17.0.6 | |
| Firefox ESR | =17.0.7 | |
| Firefox ESR | =17.0.8 | |
| Firefox ESR | =17.0.9 | |
| Firefox ESR | =17.0.10 | |
| Firefox ESR | =24.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html
- http://rhn.redhat.com/errata/RHSA-2013-1791.html
- http://rhn.redhat.com/errata/RHSA-2013-1829.html
- http://security.gentoo.org/glsa/glsa-201406-19.xml
- http://www.debian.org/security/2013/dsa-2820
- http://www.mozilla.org/security/announce/2013/mfsa2013-103.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/63802
- http://www.ubuntu.com/usn/USN-2031-1
- http://www.ubuntu.com/usn/USN-2032-1
- http://www.ubuntu.com/usn/USN-2087-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=927687
- https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/_8AcygMEjSA/mm_cqQzLPFQJ
- https://security.gentoo.org/glsa/201504-01
Frequently Asked Questions
What is the severity of CVE-2013-5607?
CVE-2013-5607 has a moderate severity rating as it allows remote attackers to cause a denial of service by triggering an application crash.
How do I fix CVE-2013-5607?
To fix CVE-2013-5607, update to a version of Mozilla Netscape Portable Runtime or the associated applications that is 4.10.2 or later.
Which software versions are affected by CVE-2013-5607?
CVE-2013-5607 affects versions of Mozilla Netscape Portable Runtime before 4.10.2, Firefox before 25.0.1, and SeaMonkey before 2.22.1.
What vulnerabilities are related to CVE-2013-5607?
CVE-2013-5607 itself is a specific vulnerability, but it may be related to other denial of service vulnerabilities in similar Mozilla components.
Is CVE-2013-5607 exploitable in all environments?
CVE-2013-5607 can be exploited in any environment where vulnerable versions of the affected software are running.
- agent/references
- agent/type
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/first-publish-date
- agent/author
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/netscape portable runtime
- version/netscape portable runtime/4.10.1
- version/netscape portable runtime/4.1.1
- version/netscape portable runtime/4.1.2
- version/netscape portable runtime/4.2
- version/netscape portable runtime/4.2.2
- version/netscape portable runtime/4.3
- version/netscape portable runtime/4.4.1
- version/netscape portable runtime/4.5.1
- version/netscape portable runtime/4.6
- version/netscape portable runtime/4.6.1
- version/netscape portable runtime/4.6.2
- version/netscape portable runtime/4.6.3
- version/netscape portable runtime/4.6.4
- version/netscape portable runtime/4.6.5
- version/netscape portable runtime/4.6.6
- version/netscape portable runtime/4.6.7
- version/netscape portable runtime/4.6.8
- version/netscape portable runtime/4.7
- version/netscape portable runtime/4.7.1
- version/netscape portable runtime/4.7.2
- version/netscape portable runtime/4.7.3
- version/netscape portable runtime/4.7.4
- version/netscape portable runtime/4.7.5
- version/netscape portable runtime/4.7.6
- version/netscape portable runtime/4.8
- version/netscape portable runtime/4.8.2
- version/netscape portable runtime/4.8.3
- version/netscape portable runtime/4.8.4
- version/netscape portable runtime/4.8.5
- version/netscape portable runtime/4.8.6
- version/netscape portable runtime/4.8.7
- version/netscape portable runtime/4.8.8
- version/netscape portable runtime/4.8.9
- version/netscape portable runtime/4.9
- version/netscape portable runtime/4.9.1
- version/netscape portable runtime/4.9.2
- version/netscape portable runtime/4.9.3
- version/netscape portable runtime/4.9.4
- version/netscape portable runtime/4.9.5
- version/netscape portable runtime/4.9.6
- version/netscape portable runtime/4.10
- canonical/mozilla seamonkey
- version/mozilla seamonkey/2.22
- version/mozilla seamonkey/2.0
- version/mozilla seamonkey/2.0-alpha_1
- version/mozilla seamonkey/2.0-alpha_2
- version/mozilla seamonkey/2.0-alpha_3
- version/mozilla seamonkey/2.0-beta_1
- version/mozilla seamonkey/2.0-beta_2
- version/mozilla seamonkey/2.0-rc1
- version/mozilla seamonkey/2.0-rc2
- version/mozilla seamonkey/2.0.1
- version/mozilla seamonkey/2.0.2
- version/mozilla seamonkey/2.0.3
- version/mozilla seamonkey/2.0.4
- version/mozilla seamonkey/2.0.5
- version/mozilla seamonkey/2.0.6
- version/mozilla seamonkey/2.0.7
- version/mozilla seamonkey/2.0.8
- version/mozilla seamonkey/2.0.9
- version/mozilla seamonkey/2.0.10
- version/mozilla seamonkey/2.0.11
- version/mozilla seamonkey/2.0.12
- version/mozilla seamonkey/2.0.13
- version/mozilla seamonkey/2.0.14
- version/mozilla seamonkey/2.1
- version/mozilla seamonkey/2.1-alpha1
- version/mozilla seamonkey/2.1-alpha2
- version/mozilla seamonkey/2.1-alpha3
- version/mozilla seamonkey/2.1-beta1
- version/mozilla seamonkey/2.1-beta2
- version/mozilla seamonkey/2.1-beta3
- version/mozilla seamonkey/2.1-rc1
- version/mozilla seamonkey/2.1-rc2
- version/mozilla seamonkey/2.10
- version/mozilla seamonkey/2.10-beta1
- version/mozilla seamonkey/2.10-beta2
- version/mozilla seamonkey/2.10-beta3
- version/mozilla seamonkey/2.10.1
- version/mozilla seamonkey/2.11
- version/mozilla seamonkey/2.11-beta1
- version/mozilla seamonkey/2.11-beta2
- version/mozilla seamonkey/2.11-beta3
- version/mozilla seamonkey/2.11-beta4
- version/mozilla seamonkey/2.11-beta5
- version/mozilla seamonkey/2.11-beta6
- version/mozilla seamonkey/2.12
- version/mozilla seamonkey/2.12-beta1
- version/mozilla seamonkey/2.12-beta2
- version/mozilla seamonkey/2.12-beta3
- version/mozilla seamonkey/2.12-beta4
- version/mozilla seamonkey/2.12-beta5
- version/mozilla seamonkey/2.12-beta6
- version/mozilla seamonkey/2.12.1
- version/mozilla seamonkey/2.13
- version/mozilla seamonkey/2.13-beta1
- version/mozilla seamonkey/2.13-beta2
- version/mozilla seamonkey/2.13-beta3
- version/mozilla seamonkey/2.13-beta4
- version/mozilla seamonkey/2.13-beta5
- version/mozilla seamonkey/2.13-beta6
- version/mozilla seamonkey/2.13.1
- version/mozilla seamonkey/2.13.2
- version/mozilla seamonkey/2.14
- version/mozilla seamonkey/2.14-beta1
- version/mozilla seamonkey/2.14-beta2
- version/mozilla seamonkey/2.14-beta3
- version/mozilla seamonkey/2.14-beta4
- version/mozilla seamonkey/2.14-beta5
- version/mozilla seamonkey/2.15
- version/mozilla seamonkey/2.15-beta1
- version/mozilla seamonkey/2.15-beta2
- version/mozilla seamonkey/2.15-beta3
- version/mozilla seamonkey/2.15-beta4
- version/mozilla seamonkey/2.15-beta5
- version/mozilla seamonkey/2.15-beta6
- version/mozilla seamonkey/2.15.1
- version/mozilla seamonkey/2.15.2
- version/mozilla seamonkey/2.16
- version/mozilla seamonkey/2.16-beta1
- version/mozilla seamonkey/2.16-beta2
- version/mozilla seamonkey/2.16-beta3
- version/mozilla seamonkey/2.16-beta4
- version/mozilla seamonkey/2.16-beta5
- version/mozilla seamonkey/2.16.1
- version/mozilla seamonkey/2.16.2
- version/mozilla seamonkey/2.17
- version/mozilla seamonkey/2.17-beta1
- version/mozilla seamonkey/2.17-beta2
- version/mozilla seamonkey/2.17-beta3
- version/mozilla seamonkey/2.17-beta4
- version/mozilla seamonkey/2.17.1
- version/mozilla seamonkey/2.18-beta1
- version/mozilla seamonkey/2.18-beta2
- version/mozilla seamonkey/2.18-beta3
- version/mozilla seamonkey/2.18-beta4
- version/mozilla seamonkey/2.19
- version/mozilla seamonkey/2.19-beta1
- version/mozilla seamonkey/2.19-beta2
- version/mozilla seamonkey/2.20
- version/mozilla seamonkey/2.20-beta1
- version/mozilla seamonkey/2.20-beta2
- version/mozilla seamonkey/2.20-beta3
- version/mozilla seamonkey/2.21
- version/mozilla seamonkey/2.21-beta1
- version/mozilla seamonkey/2.21-beta2
- version/mozilla seamonkey/2.22-beta1
- version/mozilla seamonkey/2.22-beta2
- canonical/firefox
- version/firefox/17.0
- version/firefox/17.0.1
- version/firefox/17.0.2
- version/firefox/17.0.3
- version/firefox/17.0.4
- version/firefox/17.0.5
- version/firefox/17.0.6
- version/firefox/17.0.7
- version/firefox/17.0.8
- version/firefox/17.0.9
- version/firefox/17.0.10
- version/firefox/24.0
- canonical/firefox esr
- version/firefox esr/24.0.1
- version/firefox esr/24.0.2
- version/firefox/25.0
- version/firefox/19.0
- version/firefox/19.0.1
- version/firefox/19.0.2
- version/firefox/20.0
- version/firefox/20.0.1
- version/firefox/21.0
- version/firefox/22.0
- version/firefox/23.0
- version/firefox/23.0.1
- version/firefox esr/17.0
- version/firefox esr/17.0.1
- version/firefox esr/17.0.2
- version/firefox esr/17.0.3
- version/firefox esr/17.0.4
- version/firefox esr/17.0.5
- version/firefox esr/17.0.6
- version/firefox esr/17.0.7
- version/firefox esr/17.0.8
- version/firefox esr/17.0.9
- version/firefox esr/17.0.10
- version/firefox esr/24.0