CVE-2013-5607 [High] | Denial of Service in Netscape Portable Runtime

Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	2.21%	2.96%	+0.75%
2	2026-05-24	1.59%	2.21%	+0.62%
3	2025-03-30	—	1.59%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

2.21%

2.96%

+0.75%

2026-05-24

1.59%

2.21%

+0.62%

2025-03-30

—

1.59%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
7.5	2.0	HIGH	`AV:N/AC:L/Au:N/C:P/I:P/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:P) Partial availability impact.	10.0	6.4	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

7.5

2.0

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:P): Partial availability impact.

10.0

6.4

[email protected]

OS Trackers for CVE-2013-5607

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2013-5607 not yet assigned priority: Debian including 1 source packages (nspr), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2013-5607
`gentoo`	normal	CVE-2013-5607: 2 GLSA(s) (201406-19, 201504-01), 8 atom(s) (dev-libs/nspr, dev-libs/nss, …); latest impact normal.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2013-5607
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2013-5607
`suse`	medium	CVE-2013-5607 severity moderate: SUSE including 45 source package names (libfreebl3, libfreebl3-3.15.3-0.3.1, …), 154 product×package rows across 31 product lines (HPE Helion OpenStack 8, SUSE Linux Enterprise Desktop 11 SP2, … (31 product lines)): Fixed 93, Known Not Affected 61.	https://www.suse.com/security/cve/CVE-2013-5607/
`ubuntu`	medium	CVE-2013-5607 medium priority: Ubuntu including 3 source packages (firefox, nspr, thunderbird), 18 status rows across 6 suites (lucid, precise, quantal, raring, saucy, upstream): released 15, ignored 3.	https://ubuntu.com/security/CVE-2013-5607

Affected software / configurations for CVE-2013-5607

Vendor	Product	Version	Raw CPE
mozilla	netscape_portable_runtime	<= 4.10.1	cpe:2.3:a:mozilla:netscape_portable_runtime::::::::
mozilla	netscape_portable_runtime	4.1.1	cpe:2.3:a:mozilla:netscape_portable_runtime:4.1.1:::::::*
mozilla	netscape_portable_runtime	4.1.2	cpe:2.3:a:mozilla:netscape_portable_runtime:4.1.2:::::::*
mozilla	netscape_portable_runtime	4.2	cpe:2.3:a:mozilla:netscape_portable_runtime:4.2:::::::*
mozilla	netscape_portable_runtime	4.2.2	cpe:2.3:a:mozilla:netscape_portable_runtime:4.2.2:::::::*
mozilla	netscape_portable_runtime	4.3	cpe:2.3:a:mozilla:netscape_portable_runtime:4.3:::::::*
mozilla	netscape_portable_runtime	4.4.1	cpe:2.3:a:mozilla:netscape_portable_runtime:4.4.1:::::::*
mozilla	netscape_portable_runtime	4.5.1	cpe:2.3:a:mozilla:netscape_portable_runtime:4.5.1:::::::*
mozilla	netscape_portable_runtime	4.6	cpe:2.3:a:mozilla:netscape_portable_runtime:4.6:::::::*
mozilla	netscape_portable_runtime	4.6.1	cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.1:::::::*
mozilla	netscape_portable_runtime	4.6.2	cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.2:::::::*
mozilla	netscape_portable_runtime	4.6.3	cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.3:::::::*
mozilla	netscape_portable_runtime	4.6.4	cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.4:::::::*
mozilla	netscape_portable_runtime	4.6.5	cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.5:::::::*
mozilla	netscape_portable_runtime	4.6.6	cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.6:::::::*
mozilla	netscape_portable_runtime	4.6.7	cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.7:::::::*
mozilla	netscape_portable_runtime	4.6.8	cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.8:::::::*
mozilla	netscape_portable_runtime	4.7	cpe:2.3:a:mozilla:netscape_portable_runtime:4.7:::::::*
mozilla	netscape_portable_runtime	4.7.1	cpe:2.3:a:mozilla:netscape_portable_runtime:4.7.1:::::::*
mozilla	netscape_portable_runtime	4.7.2	cpe:2.3:a:mozilla:netscape_portable_runtime:4.7.2:::::::*
mozilla	netscape_portable_runtime	4.7.3	cpe:2.3:a:mozilla:netscape_portable_runtime:4.7.3:::::::*
mozilla	netscape_portable_runtime	4.7.4	cpe:2.3:a:mozilla:netscape_portable_runtime:4.7.4:::::::*
mozilla	netscape_portable_runtime	4.7.5	cpe:2.3:a:mozilla:netscape_portable_runtime:4.7.5:::::::*
mozilla	netscape_portable_runtime	4.7.6	cpe:2.3:a:mozilla:netscape_portable_runtime:4.7.6:::::::*
mozilla	netscape_portable_runtime	4.8	cpe:2.3:a:mozilla:netscape_portable_runtime:4.8:::::::*
mozilla	netscape_portable_runtime	4.8.2	cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.2:::::::*
mozilla	netscape_portable_runtime	4.8.3	cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.3:::::::*
mozilla	netscape_portable_runtime	4.8.4	cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.4:::::::*
mozilla	netscape_portable_runtime	4.8.5	cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.5:::::::*
mozilla	netscape_portable_runtime	4.8.6	cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.6:::::::*
mozilla	netscape_portable_runtime	4.8.7	cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.7:::::::*
mozilla	netscape_portable_runtime	4.8.8	cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.8:::::::*
mozilla	netscape_portable_runtime	4.8.9	cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.9:::::::*
mozilla	netscape_portable_runtime	4.9	cpe:2.3:a:mozilla:netscape_portable_runtime:4.9:::::::*
mozilla	netscape_portable_runtime	4.9.1	cpe:2.3:a:mozilla:netscape_portable_runtime:4.9.1:::::::*
mozilla	netscape_portable_runtime	4.9.2	cpe:2.3:a:mozilla:netscape_portable_runtime:4.9.2:::::::*
mozilla	netscape_portable_runtime	4.9.3	cpe:2.3:a:mozilla:netscape_portable_runtime:4.9.3:::::::*
mozilla	netscape_portable_runtime	4.9.4	cpe:2.3:a:mozilla:netscape_portable_runtime:4.9.4:::::::*
mozilla	netscape_portable_runtime	4.9.5	cpe:2.3:a:mozilla:netscape_portable_runtime:4.9.5:::::::*
mozilla	netscape_portable_runtime	4.9.6	cpe:2.3:a:mozilla:netscape_portable_runtime:4.9.6:::::::*
mozilla	netscape_portable_runtime	4.10	cpe:2.3:a:mozilla:netscape_portable_runtime:4.10:::::::*
mozilla	seamonkey	<= 2.22	cpe:2.3:a:mozilla:seamonkey::::::::
mozilla	seamonkey	2.0	cpe:2.3:a:mozilla:seamonkey:2.0:::::::*
mozilla	seamonkey	2.0	cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1::::::
mozilla	seamonkey	2.0	cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2::::::
mozilla	seamonkey	2.0	cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3::::::
mozilla	seamonkey	2.0	cpe:2.3:a:mozilla:seamonkey:2.0:beta_1::::::
mozilla	seamonkey	2.0	cpe:2.3:a:mozilla:seamonkey:2.0:beta_2::::::
mozilla	seamonkey	2.0	cpe:2.3:a:mozilla:seamonkey:2.0:rc1::::::
mozilla	seamonkey	2.0	cpe:2.3:a:mozilla:seamonkey:2.0:rc2::::::
mozilla	seamonkey	2.0.1	cpe:2.3:a:mozilla:seamonkey:2.0.1:::::::*
mozilla	seamonkey	2.0.2	cpe:2.3:a:mozilla:seamonkey:2.0.2:::::::*
mozilla	seamonkey	2.0.3	cpe:2.3:a:mozilla:seamonkey:2.0.3:::::::*
mozilla	seamonkey	2.0.4	cpe:2.3:a:mozilla:seamonkey:2.0.4:::::::*
mozilla	seamonkey	2.0.5	cpe:2.3:a:mozilla:seamonkey:2.0.5:::::::*
mozilla	seamonkey	2.0.6	cpe:2.3:a:mozilla:seamonkey:2.0.6:::::::*
mozilla	seamonkey	2.0.7	cpe:2.3:a:mozilla:seamonkey:2.0.7:::::::*
mozilla	seamonkey	2.0.8	cpe:2.3:a:mozilla:seamonkey:2.0.8:::::::*
mozilla	seamonkey	2.0.9	cpe:2.3:a:mozilla:seamonkey:2.0.9:::::::*
mozilla	seamonkey	2.0.10	cpe:2.3:a:mozilla:seamonkey:2.0.10:::::::*
mozilla	seamonkey	2.0.11	cpe:2.3:a:mozilla:seamonkey:2.0.11:::::::*
mozilla	seamonkey	2.0.12	cpe:2.3:a:mozilla:seamonkey:2.0.12:::::::*
mozilla	seamonkey	2.0.13	cpe:2.3:a:mozilla:seamonkey:2.0.13:::::::*
mozilla	seamonkey	2.0.14	cpe:2.3:a:mozilla:seamonkey:2.0.14:::::::*
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:::::::*
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:alpha1::::::
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:alpha2::::::
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:alpha3::::::
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:beta1::::::
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:beta2::::::
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:beta3::::::
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:rc1::::::
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:rc2::::::
mozilla	seamonkey	2.10	cpe:2.3:a:mozilla:seamonkey:2.10:::::::*
mozilla	seamonkey	2.10	cpe:2.3:a:mozilla:seamonkey:2.10:beta1::::::
mozilla	seamonkey	2.10	cpe:2.3:a:mozilla:seamonkey:2.10:beta2::::::
mozilla	seamonkey	2.10	cpe:2.3:a:mozilla:seamonkey:2.10:beta3::::::
mozilla	seamonkey	2.10.1	cpe:2.3:a:mozilla:seamonkey:2.10.1:::::::*
mozilla	seamonkey	2.11	cpe:2.3:a:mozilla:seamonkey:2.11:::::::*
mozilla	seamonkey	2.11	cpe:2.3:a:mozilla:seamonkey:2.11:beta1::::::

References for CVE-2013-5607

URL	Tags
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html
http://rhn.redhat.com/errata/RHSA-2013-1791.html
http://rhn.redhat.com/errata/RHSA-2013-1829.html
http://security.gentoo.org/glsa/glsa-201406-19.xml
http://www.debian.org/security/2013/dsa-2820
http://www.mozilla.org/security/announce/2013/mfsa2013-103.html	Vendor Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/63802
http://www.ubuntu.com/usn/USN-2031-1
http://www.ubuntu.com/usn/USN-2032-1
http://www.ubuntu.com/usn/USN-2087-1
https://bugzilla.mozilla.org/show_bug.cgi?id=927687
https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/_8AcygMEjSA/mm_cqQzLPFQJ
https://security.gentoo.org/glsa/201504-01

URL

CVE-2013-5607

Exploit prediction scoring system (EPSS) score for CVE-2013-5607

Common vulnerability scoring system (CVSS) metrics for CVE-2013-5607

Weakness enumeration for CVE-2013-5607

OS Trackers for CVE-2013-5607

Affected software / configurations for CVE-2013-5607

References for CVE-2013-5607