• Security Center
  • Security Advisories
  • Known Vulnerabilities
  • Bug Bounty
  • Security Blog

You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2013-40

Mozilla Foundation Security Advisory 2013-40

Title: Out-of-bounds array read in CERT_DecodeCertPackage
Impact: Moderate
Announced: April 2, 2013
Reporter: Ambroz Bizjak
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 20.0
  Firefox ESR 17.0.5
  Thunderbird 17.0.5
  Thunderbird ESR 17.0.5
  SeaMonkey 2.17

Description

Mozilla community member Ambroz Bizjak reported an out-of-bounds array read in the CERT_DecodeCertPackage function of the Network Security Services (NSS) libary when decoding a certificate. When this occurs, it will lead to memory corruption and a non-exploitable crash.

References

• CERT_DecodeCertPackage reads bytes outside the input buffer (CVE-2013-0791)