HIGH
Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741.
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html
http://rhn.redhat.com/errata/RHSA-2013-1791.html
http://rhn.redhat.com/errata/RHSA-2013-1829.html
http://security.gentoo.org/glsa/glsa-201406-19.xml
http://www.debian.org/security/2013/dsa-2820
http://www.mozilla.org/security/announce/2013/mfsa2013-103.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/63802
http://www.ubuntu.com/usn/USN-2031-1
http://www.ubuntu.com/usn/USN-2032-1
http://www.ubuntu.com/usn/USN-2087-1
https://bugzilla.mozilla.org/show_bug.cgi?id=927687
https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/_8AcygMEjSA/mm_cqQzLPFQJ
OR
cpe:2.3:a:mozilla:netscape_portable_runtime:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.7.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.7.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.7.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.7.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.7.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.9.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.9.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.9.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:4.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:netscape_portable_runtime:*:*:*:*:*:*:*:* versions up to 4.10.1 (inclusive)
OR
cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.10:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.10:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.10:beta3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.11:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.11:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.11:beta3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.11:beta4:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.11:beta5:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.11:beta6:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.12:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.12:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.12:beta3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.12:beta4:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.12:beta5:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.12:beta6:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.12.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.13:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.13:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.13:beta3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.13:beta4:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.13:beta5:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.13:beta6:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.13.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.13.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.14:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.14:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.14:beta3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.14:beta4:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.14:beta5:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.15:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.15:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.15:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.15:beta3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.15:beta4:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.15:beta5:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.15:beta6:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.15.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.15.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.16:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.16:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.16:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.16:beta3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.16:beta4:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.16:beta5:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.16.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.16.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.17:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.17:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.17:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.17:beta3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.17:beta4:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.17.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.18:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.18:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.18:beta3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.18:beta4:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.19:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.19:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.19:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.20:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.20:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.20:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.20:beta3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.21:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.21:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.21:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* versions up to 2.22 (inclusive)
OR
cpe:2.3:a:mozilla:firefox_esr:17.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:17.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:17.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:17.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:17.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:17.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:17.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:17.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:17.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:17.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:17.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:24.0:*:*:*:*:*:*:*
OR
cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:21.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:22.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:23.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:23.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:24.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 25.0 (inclusive)
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 82632 | GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 76178 | GLSA-201406-19 : Mozilla Network Security Service: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 72115 | Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : nspr vulnerability (USN-2087-1) | Nessus | Ubuntu Local Security Checks | high |
| 71578 | Amazon Linux AMI : nspr (ALAS-2013-266) | Nessus | Amazon Linux Local Security Checks | high |
| 71577 | Amazon Linux AMI : nss (ALAS-2013-265) | Nessus | Amazon Linux Local Security Checks | high |
| 71502 | Debian DSA-2820-1 : nspr - integer overflow | Nessus | Debian Local Security Checks | high |
| 71424 | Scientific Linux Security Update : nss, nspr, and nss-util on SL6.x i386/x86_64 (20131212) | Nessus | Scientific Linux Local Security Checks | high |
| 71390 | RHEL 6 : nss, nspr, and nss-util (RHSA-2013:1829) | Nessus | Red Hat Local Security Checks | high |
| 71388 | Oracle Linux 6 : nspr / nss / nss-util (ELSA-2013-1829) | Nessus | Oracle Linux Local Security Checks | high |
| 71385 | Fedora 18 : nspr-4.10.2-1.fc18 (2013-23139) | Nessus | Fedora Local Security Checks | high |
| 71380 | CentOS 6 : nspr / nss / nss-util (CESA-2013:1829) | Nessus | CentOS Local Security Checks | high |
| 71332 | Fedora 19 : nspr-4.10.2-1.fc19 (2013-23159) | Nessus | Fedora Local Security Checks | high |
| 71306 | Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64 (20131205) | Nessus | Scientific Linux Local Security Checks | high |
| 71243 | RHEL 5 : nss and nspr (RHSA-2013:1791) | Nessus | Red Hat Local Security Checks | high |
| 71241 | Oracle Linux 5 : nspr / nss (ELSA-2013-1791) | Nessus | Oracle Linux Local Security Checks | high |
| 71237 | CentOS 5 : nspr / nss (CESA-2013:1791) | Nessus | CentOS Local Security Checks | high |
| 71172 | SuSE 11.2 / 11.3 Security Update : mozilla-nspr, mozilla-nss (SAT Patch Numbers 8572 / 8573) | Nessus | SuSE Local Security Checks | high |
| 71045 | Mozilla Thunderbird < 24.1.1 NSS and NSPR Multiple Vulnerabilities | Nessus | Windows | high |
| 71043 | Thunderbird < 24.1 NSS and NSPR Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | high |
| 71036 | Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : thunderbird vulnerabilities (USN-2032-1) | Nessus | Ubuntu Local Security Checks | high |
| 71021 | Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2031-1) | Nessus | Ubuntu Local Security Checks | high |
| 70998 | Mandriva Linux Security Advisory : nss (MDVSA-2013:270) | Nessus | Mandriva Local Security Checks | high |
| 70950 | SeaMonkey < 2.22.1 NSS and NSPR Multiple Vulnerabilities | Nessus | Windows | high |
| 70949 | Firefox < 25.0.1 NSS and NSPR Multiple Vulnerabilities | Nessus | Windows | high |
| 70948 | Firefox ESR 24.x < 24.1.1 NSS and NSPR Multiple Vulnerabilities | Nessus | Windows | high |
| 70946 | Firefox < 25.0.1 NSS and NSPR Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | high |
| 70945 | Firefox ESR 24.x < 24.1.1 NSS and NSPR Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | high |