Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-5606

The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate.

Related bugs and status

CVE-2013-5606 (Candidate) is related to these bugs:

Bug #1251576: Update to 25.0.1

Summary				In	Importance	Status
	1251576	Update to 25.0.1		firefox (Ubuntu)	Undecided	Fix Released

Bug #1253616: Update to Thunderbird 24.1.1

Summary				In	Importance	Status
	1253616	Update to Thunderbird 24.1.1		thunderbird (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.mozil...
CONFIRM: https://developer.mozi...
CONFIRM: http://www.mozilla.org...
REDHAT: RHSA-2013:1791
REDHAT: RHSA-2013:1829
SUSE: SUSE-SU-2013:1807
SUSE: openSUSE-SU-2013:1732
UBUNTU: USN-2030-1
REDHAT: RHSA-2014:0041
CONFIRM: http://www.oracle.com/...
GENTOO: GLSA-201406-19
FULLDISC: 20141205 NEW: VMSA-201...
CONFIRM: http://www.vmware.com/...
DEBIAN: DSA-2994
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
BID: 63737
GENTOO: GLSA-201504-01
CONFIRM: http://kb.juniper.net/...
CONFIRM: http://www.oracle.com/...
BUGTRAQ: 20141205 NEW: VMSA-201...