======================================================
Name: CVE-2013-1739
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130213
Category:
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=894370
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1012656
Reference: CONFIRM:https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.2_release_notes

Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure.

Reproducible:
Steps to Reproduce:
http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:257/
Yep, I mentioned this one here: https://bugs.mageia.org/show_bug.cgi?id=11370#c2 I was thinking we could wait and push this when we do the FF/TB 24 updates. Any reason to do it sooner?
URL: (none) => http://lwn.net/Vulnerabilities/570149/
Version: 2 => 3
Depends on: (none) => 11370
Summary: CVE-2013-1739: nss - Avoid uninitialized data read in the event of a decryption failure. => nss - Avoid uninitialized data read in the event of a decryption failure (CVE-2013-1739)
Whiteboard: (none) => MGA2TOO
You could, but I chose not to wait as I don't know when there's a new security release of ff 24.
Fixed now that the Firefox update has been pushed.
Status: NEW => RESOLVED
Resolution: (none) => FIXED