{"id":"MGASA-2013-0337","summary":"Updated firefox, rootcerts, nspr & nss packages fix security vulnerabilities","details":"Updated nspr and nss packages fix security vulnerabilities:\n\nPotentially exploitable buffer overflow in NSS before 3.15.3 that allows\nremote attackers to cause a denial of service or possibly have unspecified\nother impact via invalid handshake packets (CVE-2013-5605).\n\nThe CERT_VerifyCert function in lib/certhigh/certvfy.c in NSS before 3.15.3\nprovides an unexpected return value for an incompatible key-usage certificate\nwhen the CERTVerifyLog argument is valid, which might allow remote attackers\nto bypass intended access restrictions via a crafted certificate\n(CVE-2013-5606).\n\nRunaway memset due to an integer truncation in certificate parsing on 64-bit\ncomputers in NSS before 3.15.3 leading to a crash by attempting to write 4Gb\nof nulls (CVE-2013-1741).\n\nInteger overflow in NSPR before 4.10.2 due to unsigned integer wrapping in\nPL_ArenaAllocate (CVE-2013-5607).\n\nNSS lowered the priority of RC4 in cipher suite advertisement so that more\nsecure ciphers instead of RC4 are likely to be chosen by the server, because\nof plaintext recovery attacks possible with RC4 (CVE-2013-2566).\n\nThis also updates to the latest root certificate data from Mozilla.\n\nAdditionally, the latest Firefox ESR version, which fixes an issue with\ntranslated strings not being used in some cases, is also being 
provided.\n","modified":"2026-02-04T02:21:57.815160Z","published":"2013-11-20T20:54:49Z","related":["CVE-2013-1741","CVE-2013-2566","CVE-2013-5605","CVE-2013-5606","CVE-2013-5607"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2013-0337.html"},{"type":"REPORT","url":"https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/_8AcygMEjSA"},{"type":"REPORT","url":"https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.3_release_notes"},{"type":"REPORT","url":"http://www.mozilla.org/security/announce/2013/mfsa2013-103.html"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=932310"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/firefox/24.1.1/releasenotes/"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=11669"}],"affected":[{"package":{"name":"rootcerts","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20131111.00-1.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0337.json"}},{"package":{"name":"nspr","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/nspr?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.10.2-1.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0337.json"}},{"package":{"name":"nss","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.15.3-1.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0337.json"}},{"package":{"name":"firefox","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.1.1-1.mga2"}]}],"ecosystem_specifi
c":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0337.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.1.1-1.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0337.json"}},{"package":{"name":"rootcerts","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20131111.00-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0337.json"}},{"package":{"name":"nspr","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/nspr?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.10.2-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0337.json"}},{"package":{"name":"nss","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.15.3-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0337.json"}},{"package":{"name":"firefox","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.1.1-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0337.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.1.1-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"databa
se_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0337.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}