CVE-2013-0743

Publication date 7 January 2013

Last updated 4 August 2025

Ubuntu priority

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA at the suggestion of the CVE project team. The candidate had been associated with a correct report of a security problem, but not a problem that is categorized as a vulnerability within CVE. Compromised or unauthorized SSL certificates are not within CVE's scope. Notes: none

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
firefox	12.10 quantal	Fixed 18.0+build1-0ubuntu0.12.10.3
	12.04 LTS precise	Fixed 18.0+build1-0ubuntu0.12.04.3
	11.10 oneiric	Fixed 18.0+build1-0ubuntu0.11.10.3
	10.04 LTS lucid	Fixed 18.0+build1-0ubuntu0.10.04.3
	8.04 LTS hardy	Ignored end of life
nss	12.10 quantal	Fixed 3.14.1-0ckbi1.93ubuntu.0.12.10.1
	12.04 LTS precise	Fixed 3.14.1-0ckbi1.93ubuntu.0.12.04.1
	11.10 oneiric	Fixed 3.14.1-0ckbi1.93ubuntu.0.11.10.1
	10.04 LTS lucid	Fixed 3.14.1-0ckbi1.93ubuntu.0.10.04.1
	8.04 LTS hardy	Ignored end of life
thunderbird	12.10 quantal	Fixed 17.0.2+build1-0ubuntu0.12.10.1
	12.04 LTS precise	Fixed 17.0.2+build1-0ubuntu0.12.04.1
	11.10 oneiric	Fixed 17.0.2+build1-0ubuntu0.11.10.1
	10.04 LTS lucid	Fixed 17.0.2+build1-0ubuntu0.10.04.1
	8.04 LTS hardy	Ignored end of life

Notes

jdstrand

this requires updating nss and nspr on stable releases or backporting the fixes that allow blacklisting arbitrary certificates Debian fix is incomplete (see Debian bug)

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
nss	Vendor: http://www.debian.org/security/2013/dsa-2599 Other: http://hg.mozilla.org/releases/mozilla-release/rev/b0e010f68b06

References

Related Ubuntu Security Notices (USN)

USN-1681-2
Thunderbird vulnerabilities
9 January 2013

USN-1681-1
Firefox vulnerabilities
9 January 2013

USN-1687-1
NSS vulnerability
14 January 2013