CVE-2013-0791

Firefox < 20.0 - Memory Corruption via Crafted Certificate

Title source: llm
STIX 2.1

Description

The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.

References (13)

Core 13
Core References
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1791-1
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1135.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/58826
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1144.html
Third Party Advisory x_refsource_confirm
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=629816

Scores

EPSS 0.0521
EPSS Percentile 91.5%

Details

CWE
CWE-119
Status published
Products (18)
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 11.10
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 12.10
mozilla/firefox < 20.0
mozilla/network_security_services < 3.15
mozilla/seamonkey < 2.17
mozilla/thunderbird < 17.0.5
mozilla/thunderbird_esr 17.0 - 17.0.5
oracle/vm_server 3.2
... and 8 more
Published Apr 03, 2013
Tracked Since Feb 18, 2026