Pascal Cuoq, RedHat developer Kamil Dudka, and Google developer Wan-Teh Chang found a flaw similar to CVE-2013-1741 in Netscape Portable Runtime (NSPR) library code suffered the same integer truncation. Upstream patch: https://hg.mozilla.org/projects/nspr/rev/4df6bc35be64 External Reference: http://www.mozilla.org/security/announce/2013/mfsa2013-103.html Acknowledgements: Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Pascal Cuoq, Kamil Dudka, and Wan-Teh Chang as the original reporters of this issue.
Created nspr tracking bugs for this issue: Affects: fedora-all [bug 1031898]
Fixed upstream in NSPR 4.10.2: https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/_8AcygMEjSA Upstream bug (currently non-public): https://bugzilla.mozilla.org/show_bug.cgi?id=927687
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2013:1791 https://rhn.redhat.com/errata/RHSA-2013-1791.html
nspr-4.10.2-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:1829 https://rhn.redhat.com/errata/RHSA-2013-1829.html
nspr-4.10.2-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.