CVE-2013-0764

HIGH Year: 2013
CVSS v2 Score
9.3
Critical
Weakness Type
CWE-326
View all →

Vulnerability Description

The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrary code via crafted data, as demonstrated by e-mail message data.

Related Vulnerabilities

CVE-2020-6966

CRITICAL
CVSS:10.0(Critical)

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the ...

CWE-3262020

CVE-2011-4121

CRITICAL
CVSS:9.8(Critical)

The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use th...

CWE-3262011

CVE-2013-2166

CRITICAL
CVSS:9.8(Critical)

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass

CWE-3262013

CVE-2013-7287

CRITICAL
CVSS:9.8(Critical)

MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme.

CWE-3262013

CVE-2014-9975

CRITICAL
CVSS:9.8(Critical)

In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption.

CWE-3262014

CVE-2015-0575

CRITICAL
CVSS:9.8(Critical)

In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration.

CWE-3262015