CVE-2013-0764Inadequate Encryption Strength in Mozilla Firefox

CWE-326Inadequate Encryption Strength7 documents6 sources
Severity
9.3CRITICALNVD
EPSS
1.5%
top 18.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird+6 more
Timeline
PublishedJan 13
Latest updateMay 13

Description

The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrary code via crafted data, as demonstrated by e-mail message data.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages8 packages

NVDmozilla/firefox< 17.0.3+1
NVDmozilla/thunderbird< 17.0.3
NVDmozilla/seamonkey< 2.16
NVDopensuse/opensuse11.4, 12.1, 12.2+2

Also affects: Ubuntu Linux 10.04, 11.10, 12.04, 12.10

Patches

Patch: bugzilla.mozilla.orgPatch: bugzilla.mozilla.org

🔴Vulnerability Details

2
GHSA
GHSA-x66h-pv23-hvpj: The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 182022-05-13
CVEList
CVE-2013-0764: The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 182013-01-13

📋Vendor Advisories

3
Ubuntu
Firefox vulnerabilities2013-01-09
Ubuntu
Thunderbird vulnerabilities2013-01-09
Red Hat
Mozilla: Crash due to handling of SSL on threads (MFSA 2013-07)2013-01-08

💬Community

1
Bugzilla
CVE-2013-0764 Mozilla: Crash due to handling of SSL on threads (MFSA 2013-07)2013-01-05
CVE-2013-0764 — Inadequate Encryption Strength | cvebase