Description
The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.
References (13)
Core 13
Core References
Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Broken Link vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1791-1
Broken Link vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17150
Broken Link vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1135.html
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2013/mfsa2013-40.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/58826
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1144.html
Third Party Advisory x_refsource_confirm
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
Broken Link vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=629816
Broken Link vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html
Scores
EPSS
0.0521
EPSS Percentile
91.5%
Details
CWE
CWE-119
Status
published
Products (18)
canonical/ubuntu_linux
10.04
canonical/ubuntu_linux
11.10
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
12.10
mozilla/firefox
< 20.0
mozilla/network_security_services
< 3.15
mozilla/seamonkey
< 2.17
mozilla/thunderbird
< 17.0.5
mozilla/thunderbird_esr
17.0 - 17.0.5
oracle/vm_server
3.2
... and 8 more
Published
Apr 03, 2013
Tracked Since
Feb 18, 2026