Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-5607

Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741.

Related bugs and status

CVE-2013-5607 (Candidate) is related to these bugs:

Bug #1251576: Update to 25.0.1

Summary				In	Importance	Status
	1251576	Update to 25.0.1		firefox (Ubuntu)	Undecided	Fix Released

Bug #1253616: Update to Thunderbird 24.1.1

Summary				In	Importance	Status
	1253616	Update to Thunderbird 24.1.1		thunderbird (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [dev-tech-nspr] 201311...
CONFIRM: http://www.mozilla.org...
CONFIRM: https://bugzilla.mozil...
REDHAT: RHSA-2013:1791
REDHAT: RHSA-2013:1829
SUSE: SUSE-SU-2013:1807
SUSE: openSUSE-SU-2013:1732
UBUNTU: USN-2031-1
UBUNTU: USN-2032-1
UBUNTU: USN-2087-1
GENTOO: GLSA-201406-19
CONFIRM: http://www.oracle.com/...
BID: 63802
GENTOO: GLSA-201504-01
CONFIRM: http://kb.juniper.net/...
DEBIAN: DSA-2820