Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2013-0764

Source

Mozilla Foundation Security Advisory 2013-07

Crash due to handling of SSL on threads

Announced

January 8, 2013

Reporter

Jerry Baker

Impact

High

Products

Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderbird ESR

Fixed in

Firefox 18
Firefox ESR 17.0.2
SeaMonkey 2.15
Thunderbird 17.0.2
Thunderbird ESR 17.0.2

Description

Mozilla community member Jerry Baker reported a crashing issue found through Thunderbird when downloading messages over a Secure Sockets Layer (SSL) connection. This was caused by a bug in the networking code assuming that secure connections were entirely handled on the socket transport thread when they can occur on a variety of threads. The resulting crash was potentially exploitable.

While the initial issue was found through Thunderbird, the affected networking library is common to Mozilla code.

References

Crash [@ nsSOCKSSocketInfo::ConnectToProxy(PRFileDesc*) ] clicking "Download the rest of the message" (CVE-2013-0764)

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Crash due to handling of SSL on threads

Crash due to handling of SSL on threads

Description

References

Vulmon Search

About

Products

Connect