Unrated severityNVD Advisory· Published Apr 3, 2013· Updated Apr 29, 2026

CVE-2013-0791

Description

The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.

Affected products

Mozilla Corporation/Firefox
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Range: <=20.0
Mozilla Corporation/Network Security Services
cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*
Range: <3.15
Mozilla Corporation/Seamonkey
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Range: <2.17
Mozilla Corporation/Thunderbird
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Range: <17.0.5
Mozilla Corporation/Thunderbird Esr
cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
Range: >=17.0,<17.0.5
Oracle Corporation/Vm Server
cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*
Canonical (company)/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop2 versions
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Eus
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server2 versions
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Aus
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation2 versions
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.mozilla.org/show_bug.cginvdIssue TrackingPatchVendor Advisory
kb.juniper.net/InfoCenter/indexnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2013-1135.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2013-1144.htmlnvdThird Party Advisory
www.mozilla.org/security/announce/2013/mfsa2013-40.htmlnvdVendor Advisory
www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlnvdThird Party Advisory
www.securityfocus.com/bid/58826nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-1791-1nvdThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.htmlnvdBroken Link
lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.htmlnvdBroken Link
lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.htmlnvdBroken Link
lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.htmlnvdBroken Link
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17150nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000