CVE-2013-1739 - Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initi

CVE-2013-1739

Summary

Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure.

References

Vulnerable Configurations

cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.3.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.3.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.14.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.14.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:-:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:-:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.4.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.4.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.10.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.10.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.14.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.14.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.14.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.14.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.15.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.15.1:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 09-10-2018 - 19:33)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

oval via4

accepted

2014-10-06T04:02:48.250-04:00

class

vulnerability

contributors

name Maria Kedovskaya
organization ALTX-SOFT
name Maria Mikhno
organization ALTX-SOFT
name Richard Helbing
organization baramundi software
name Evgeniy Pavlov
organization ALTX-SOFT
name Evgeniy Pavlov
organization ALTX-SOFT
name Evgeniy Pavlov
organization ALTX-SOFT
name Evgeniy Pavlov
organization ALTX-SOFT
name Evgeniy Pavlov
organization ALTX-SOFT
name Evgeniy Pavlov
organization ALTX-SOFT

definition_extensions

comment Mozilla Seamonkey is installed
oval oval:org.mitre.oval:def:6372
comment Mozilla Thunderbird Mainline release is installed
oval oval:org.mitre.oval:def:22093
comment Mozilla Firefox Mainline release is installed
oval oval:org.mitre.oval:def:22259

description

family

windows

oval:org.mitre.oval:def:19254

status

accepted

submitted

2013-11-01T16:31:26.748+04:00

title

version

redhat via4

advisories

rhsa
id RHSA-2013:1791
rhsa
id RHSA-2013:1829

rpms

nspr-0:4.10.2-2.el5_10
nspr-debuginfo-0:4.10.2-2.el5_10
nspr-devel-0:4.10.2-2.el5_10
nss-0:3.15.3-3.el5_10
nss-debuginfo-0:3.15.3-3.el5_10
nss-devel-0:3.15.3-3.el5_10
nss-pkcs11-devel-0:3.15.3-3.el5_10
nss-tools-0:3.15.3-3.el5_10
nspr-0:4.10.2-1.el6_5
nspr-debuginfo-0:4.10.2-1.el6_5
nspr-devel-0:4.10.2-1.el6_5
nss-0:3.15.3-2.el6_5
nss-debuginfo-0:3.15.3-2.el6_5
nss-devel-0:3.15.3-2.el6_5
nss-pkcs11-devel-0:3.15.3-2.el6_5
nss-sysinit-0:3.15.3-2.el6_5
nss-tools-0:3.15.3-2.el6_5
nss-util-0:3.15.3-1.el6_5
nss-util-debuginfo-0:3.15.3-1.el6_5
nss-util-devel-0:3.15.3-1.el6_5

refmap via4

bid	62966
bugtraq	20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
confirm	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://www.mozilla.org/security/announce/2013/mfsa2013-93.html http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.vmware.com/security/advisories/VMSA-2014-0012.html https://bugzilla.mozilla.org/show_bug.cgi?id=894370 https://bugzilla.redhat.com/show_bug.cgi?id=1012656 https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.2_release_notes
debian	DSA-2790
fulldisc	20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
gentoo	GLSA-201406-19
suse	SUSE-SU-2013:1678 openSUSE-SU-2013:1539 openSUSE-SU-2013:1542
ubuntu	USN-2030-1

Last major update

09-10-2018 - 19:33

Published

22-10-2013 - 22:55

Last modified

09-10-2018 - 19:33