Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741.
No CVSS v3.1
No CVSS v3.0
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
AV:N/AC:L/Au:N/C:P/I:P/A:P
Vendors | Products |
---|---|
Mozilla |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2013-11-20T11:00:00
Updated: 2018-01-08T21:57:01
Reserved: 2013-08-26T00:00:00
Link: CVE-2013-5607
JSON object: View
NVD Information
Status : Modified
Published: 2013-11-20T14:12:50.697
Modified: 2018-01-09T02:29:04.690
Link: CVE-2013-5607
JSON object: View
Redhat Information
No data.
CWE