Mozilla Firefox Integer Overflow Vulnerability-01 Nov13 (Windows) Network Vulnerability

Summary

This host is installed with Mozilla Firefox and is prone to integer overflow vulnerability.

Impact

Successful exploitation will allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Impact Level: Application

Solution

Upgrade to Mozilla Firefox version 25.0.1 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html

Insight

The flaw is due to integer overflow in the 'PL_ArenaAllocate' function in Mozilla Netscape Portable Runtime (NSPR).

Affected

Mozilla Firefox before version 25.0.1 on Windows

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://archives.neohapsis.com/archives/bugtraq/current/0105.html
http://secunia.com/advisories/55732
http://www.mozilla.org/security/announce/2013/mfsa2013-103.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-5607

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Flash Media Server Multiple Remote Security Vulnerabilities
Adobe AIR Security Bypass Vulnerability Jan14 (Mac OS X)
Adobe AIR Multiple Vulnerabilities-01 Jun14 (Mac OS X)
Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Linux)
Adobe Air Code Execution and DoS Vulnerabilities (Windows)

Take action and discover your vulnerabilities