CVE-2013-5607

Priority
Medium
Description
Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape
Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1,
Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey
before 2.22.1, allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a crafted
X.509 certificate, a related issue to CVE-2013-1741.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream:released (24.1.1)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):released (1:24.1.1+build1-0ubuntu0.12.04.1)
Ubuntu 12.10 (Quantal Quetzal):released (1:24.1.1+build1-0ubuntu0.12.10.1)
Ubuntu 13.04 (Raring Ringtail):released (1:24.1.1+build1-0ubuntu0.13.04.1)
Ubuntu 13.10 (Saucy Salamander):released (1:24.1.1+build1-0ubuntu0.13.10.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:24.1.1+build1-0ubuntu0.13.10.1)
Package
Upstream:released (25.0.1)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):released (25.0.1+build1-0ubuntu0.12.04.1)
Ubuntu 12.10 (Quantal Quetzal):released (25.0.1+build1-0ubuntu0.12.10.1)
Ubuntu 13.04 (Raring Ringtail):released (25.0.1+build1-0ubuntu0.13.04.1)
Ubuntu 13.10 (Saucy Salamander):released (25.0.1+build1-0ubuntu0.13.10.1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (26.0~b6+build1-0ubuntu1)
Package
Source: nspr (LP Ubuntu Debian)
Upstream:released (4.10.2)
Ubuntu 10.04 LTS (Lucid Lynx):released (4.9.5-0ubuntu0.10.04.2)
Ubuntu 12.04 LTS (Precise Pangolin):released (4.9.5-0ubuntu0.12.04.2)
Ubuntu 12.10 (Quantal Quetzal):released (4.9.5-0ubuntu0.12.10.2)
Ubuntu 13.04 (Raring Ringtail):ignored (reached end-of-life)
Ubuntu 13.10 (Saucy Salamander):released (2:4.9.5-1ubuntu1.1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (2:4.10.2-1ubuntu1)
Patches:
Upstream:https://hg.mozilla.org/projects/nspr/rev/4df6bc35be64
More Information

Valid XHTML 1.0 Strict

Updated: 2014-01-23 17:14:34 UTC (commit 7679)