CVE-2013-0796

The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.mozilla.org/security/announce/2013/mfsa2013-35.html	Exploit Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=838413	Exploit Issue Tracking Patch Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=827106	Exploit Issue Tracking Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0697.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html	Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0696.html	Third Party Advisory
http://www.ubuntu.com/usn/USN-1791-1	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html	Mailing List Third Party Advisory
http://www.debian.org/security/2013/dsa-2699	Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html	Mailing List Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Information

Published : 2013-04-03 04:56

Updated : 2023-01-18 18:41

NVD link : CVE-2013-0796

Mitre link : CVE-2013-0796

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

mozilla

firefox_esr
thunderbird
firefox
seamonkey
thunderbird_esr

linux

linux_kernel

Show plain JSON

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-35.html", "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-35.html", "tags": ["Exploit", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=838413", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=838413", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=827106", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=827106", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0697.html", "name": "RHSA-2013:0697", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html", "name": "openSUSE-SU-2013:0630", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0696.html", "name": "RHSA-2013:0696", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.ubuntu.com/usn/USN-1791-1", "name": "USN-1791-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html", "name": "openSUSE-SU-2013:0631", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html", "name": "SUSE-SU-2013:0645", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html", "name": "SUSE-SU-2013:0850", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://www.debian.org/security/2013/dsa-2699", "name": "DSA-2699", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html", "name": "openSUSE-SU-2013:0875", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-0796", "ASSIGNER": "security@mozilla.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "acInsufInfo": true, "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-04-03T11:56Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "20.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "17.0.5", "versionStartIncluding": "17.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "17.0.5", "versionStartIncluding": "17.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "17.0.5", "versionStartIncluding": "17.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.17"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-01-19T02:41Z"}

{

cve : { »

data_type : CVE (string)

references : { »

reference_data : [ »

0 : { »

url : http://www.mozilla.org/security/announce/2013/mfsa2013-35.html (string)

name : http://www.mozilla.org/security/announce/2013/mfsa2013-35.html (string)

tags : [ »

0 : Exploit (string)

1 : Vendor Advisory (string)

]

refsource : CONFIRM (string)

}

1 : { »

url : https://bugzilla.mozilla.org/show_bug.cgi?id=838413 (string)

name : https://bugzilla.mozilla.org/show_bug.cgi?id=838413 (string)

tags : [ »

0 : Exploit (string)

1 : Issue Tracking (string)

2 : Patch (string)

3 : Vendor Advisory (string)

]

refsource : CONFIRM (string)

}

2 : { »

url : https://bugzilla.mozilla.org/show_bug.cgi?id=827106 (string)

name : https://bugzilla.mozilla.org/show_bug.cgi?id=827106 (string)

tags : [ »

0 : Exploit (string)

1 : Issue Tracking (string)

2 : Vendor Advisory (string)

]

refsource : CONFIRM (string)

}

3 : { »

url : http://rhn.redhat.com/errata/RHSA-2013-0697.html (string)

name : RHSA-2013:0697 (string)

tags : [ »

0 : Third Party Advisory (string)

]

refsource : REDHAT (string)

}

4 : { »

url : http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html (string)

name : openSUSE-SU-2013:0630 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

refsource : SUSE (string)

}

5 : { »

url : http://rhn.redhat.com/errata/RHSA-2013-0696.html (string)

name : RHSA-2013:0696 (string)

tags : [ »

0 : Third Party Advisory (string)

]

refsource : REDHAT (string)

}

6 : { »

url : http://www.ubuntu.com/usn/USN-1791-1 (string)

name : USN-1791-1 (string)

tags : [ »

0 : Third Party Advisory (string)

]

refsource : UBUNTU (string)

}

7 : { »

url : http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html (string)

name : openSUSE-SU-2013:0631 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

refsource : SUSE (string)

}

8 : { »

url : http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html (string)

name : SUSE-SU-2013:0645 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

refsource : SUSE (string)

}

9 : { »

url : http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html (string)

name : SUSE-SU-2013:0850 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

refsource : SUSE (string)

}

10 : { »

url : http://www.debian.org/security/2013/dsa-2699 (string)

name : DSA-2699 (string)

tags : [ »

0 : Third Party Advisory (string)

]

refsource : DEBIAN (string)

}

11 : { »

url : http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html (string)

name : openSUSE-SU-2013:0875 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

refsource : SUSE (string)

}

]

}

data_format : MITRE (string)

description : { »

description_data : [ »

0 : { »

lang : en (string)

value : The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

}

]

}

data_version : 4.0 (string)

CVE_data_meta : { »

ID : CVE-2013-0796 (string)

ASSIGNER : security@mozilla.org (string)

}

}

impact : { »

baseMetricV2 : { »

cvssV2 : { »

version : 2.0 (string)

baseScore : 10 (number)

accessVector : NETWORK (string)

vectorString : AV:N/AC:L/Au:N/C:C/I:C/A:C (string)

authentication : NONE (string)

integrityImpact : COMPLETE (string)

accessComplexity : LOW (string)

availabilityImpact : COMPLETE (string)

confidentialityImpact : COMPLETE (string)

}

severity : HIGH (string)

acInsufInfo : true (boolean)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

exploitabilityScore : 10 (number)

obtainUserPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

userInteractionRequired : false (boolean)

}

}

publishedDate : 2013-04-03T11:56Z (string)

configurations : { »

nodes : [ »

0 : { »

children : [ »

0 : { »

children : [ *empty* ]

operator : OR (string)

cpe_match : [ »

0 : { »

cpe23Uri : cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* (string)

cpe_name : [ *empty* ]

vulnerable : true (boolean)

versionEndExcluding : 20.0 (string)

}

]

}

1 : { »

children : [ *empty* ]

operator : OR (string)

cpe_match : [ »

0 : { »

cpe23Uri : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

cpe_name : [ *empty* ]

vulnerable : false (boolean)

}

]

}

]

operator : AND (string)

cpe_match : [ *empty* ]

}

1 : { »

children : [ »

0 : { »

children : [ *empty* ]

operator : OR (string)

cpe_match : [ »

0 : { »

cpe23Uri : cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* (string)

cpe_name : [ *empty* ]

vulnerable : true (boolean)

versionEndExcluding : 17.0.5 (string)

versionStartIncluding : 17.0 (string)

}

]

}

1 : { »

children : [ *empty* ]

operator : OR (string)

cpe_match : [ »

0 : { »

cpe23Uri : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

cpe_name : [ *empty* ]

vulnerable : false (boolean)

}

]

}

]

operator : AND (string)

cpe_match : [ *empty* ]

}

2 : { »

children : [ »

0 : { »

children : [ *empty* ]

operator : OR (string)

cpe_match : [ »

0 : { »

cpe23Uri : cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* (string)

cpe_name : [ *empty* ]

vulnerable : true (boolean)

versionEndExcluding : 17.0.5 (string)

versionStartIncluding : 17.0 (string)

}

]

}

1 : { »

children : [ *empty* ]

operator : OR (string)

cpe_match : [ »

0 : { »

cpe23Uri : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

cpe_name : [ *empty* ]

vulnerable : false (boolean)

}

]

}

]

operator : AND (string)

cpe_match : [ *empty* ]

}

3 : { »

children : [ »

0 : { »

children : [ *empty* ]

operator : OR (string)

cpe_match : [ »

0 : { »

cpe23Uri : cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:* (string)

cpe_name : [ *empty* ]

vulnerable : true (boolean)

versionEndExcluding : 17.0.5 (string)

versionStartIncluding : 17.0 (string)

}

]

}

1 : { »

children : [ *empty* ]

operator : OR (string)

cpe_match : [ »

0 : { »

cpe23Uri : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

cpe_name : [ *empty* ]

vulnerable : false (boolean)

}

]

}

]

operator : AND (string)

cpe_match : [ *empty* ]

}

4 : { »

children : [ »

0 : { »

children : [ *empty* ]

operator : OR (string)

cpe_match : [ »

0 : { »

cpe23Uri : cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* (string)

cpe_name : [ *empty* ]

vulnerable : true (boolean)

versionEndExcluding : 2.17 (string)

}

]

}

1 : { »

children : [ *empty* ]

operator : OR (string)

cpe_match : [ »

0 : { »

cpe23Uri : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

cpe_name : [ *empty* ]

vulnerable : false (boolean)

}

]

}

]

operator : AND (string)

cpe_match : [ *empty* ]

}

]

CVE_data_version : 4.0 (string)

}

lastModifiedDate : 2023-01-19T02:41Z (string)

}