CVE-2013-0796 - OpenCVE

The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel
Mozilla	Firefox Firefox Esr Seamonkey Thunderbird Thunderbird Esr
Redhat	Enterprise Linux Rhel Productivity

Configuration 1 [-]

AND

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
thunderbird-0:17.0.5-1.el5_9	cpe:/a:redhat:rhel_productivity:5	RHSA-2013:0697	2013-04-02T00:00:00Z
firefox-0:17.0.5-1.el5_9	cpe:/o:redhat:enterprise_linux:5	RHSA-2013:0696	2013-04-02T00:00:00Z
xulrunner-0:17.0.5-1.el5_9	cpe:/o:redhat:enterprise_linux:5	RHSA-2013:0696	2013-04-02T00:00:00Z
Red Hat Enterprise Linux 6
firefox-0:17.0.5-1.el6_4	cpe:/o:redhat:enterprise_linux:6	RHSA-2013:0696	2013-04-02T00:00:00Z
xulrunner-0:17.0.5-1.el6_4	cpe:/o:redhat:enterprise_linux:6	RHSA-2013:0696	2013-04-02T00:00:00Z
thunderbird-0:17.0.5-1.el6_4	cpe:/o:redhat:enterprise_linux:6	RHSA-2013:0697	2013-04-02T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html
http://rhn.redhat.com/errata/RHSA-2013-0696.html
http://rhn.redhat.com/errata/RHSA-2013-0697.html
http://www.debian.org/security/2013/dsa-2699
http://www.mozilla.org/security/announce/2013/mfsa2013-35.html
http://www.ubuntu.com/usn/USN-1791-1
https://bugzilla.mozilla.org/show_bug.cgi?id=827106
https://bugzilla.mozilla.org/show_bug.cgi?id=838413
https://nvd.nist.gov/vuln/detail/CVE-2013-0796
https://www.cve.org/CVERecord?id=CVE-2013-0796

History

No history.

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2013-04-03T10:00:00

Updated: 2024-08-06T14:41:47.129Z

Reserved: 2013-01-02T00:00:00

Link: CVE-2013-0796

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2013-04-03T11:56:21.217

Modified: 2023-01-19T02:41:50.103

Link: CVE-2013-0796

Redhat

Severity : Critical

Publid Date: 2013-04-02T00:00:00Z

Links: CVE-2013-0796 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-04-02T00:00:00", "descriptions": [{"lang": "en", "value": "The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-04-11T09:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"name": "SUSE-SU-2013:0850", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html"}, {"name": "USN-1791-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1791-1"}, {"name": "DSA-2699", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2699"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=838413"}, {"name": "openSUSE-SU-2013:0630", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=827106"}, {"name": "RHSA-2013:0696", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0696.html"}, {"name": "openSUSE-SU-2013:0631", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-35.html"}, {"name": "RHSA-2013:0697", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0697.html"}, {"name": "SUSE-SU-2013:0645", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html"}, {"name": "openSUSE-SU-2013:0875", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2013-0796", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SUSE-SU-2013:0850", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html"}, {"name": "USN-1791-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1791-1"}, {"name": "DSA-2699", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2699"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=838413", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=838413"}, {"name": "openSUSE-SU-2013:0630", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=827106", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=827106"}, {"name": "RHSA-2013:0696", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0696.html"}, {"name": "openSUSE-SU-2013:0631", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html"}, {"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-35.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-35.html"}, {"name": "RHSA-2013:0697", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0697.html"}, {"name": "SUSE-SU-2013:0645", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html"}, {"name": "openSUSE-SU-2013:0875", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:41:47.129Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SU-2013:0850", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html"}, {"name": "USN-1791-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1791-1"}, {"name": "DSA-2699", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2699"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=838413"}, {"name": "openSUSE-SU-2013:0630", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=827106"}, {"name": "RHSA-2013:0696", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0696.html"}, {"name": "openSUSE-SU-2013:0631", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-35.html"}, {"name": "RHSA-2013:0697", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0697.html"}, {"name": "SUSE-SU-2013:0645", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html"}, {"name": "openSUSE-SU-2013:0875", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2013-0796", "datePublished": "2013-04-03T10:00:00", "dateReserved": "2013-01-02T00:00:00", "dateUpdated": "2024-08-06T14:41:47.129Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F1F841D-03C5-48E3-BCA8-4436C146E8C9", "versionEndExcluding": "20.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "D233DB53-44EA-4198-B691-7AA0579AF4A8", "versionEndExcluding": "17.0.5", "versionStartIncluding": "17.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAF5F5B1-7D1E-4012-9903-6E483AF8C6C1", "versionEndExcluding": "17.0.5", "versionStartIncluding": "17.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE639053-DE2F-49CD-89DC-A1A59B4F51C7", "versionEndExcluding": "17.0.5", "versionStartIncluding": "17.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8B7351C-3F9C-4A97-83B3-DFEDA4CBB83C", "versionEndExcluding": "2.17", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors."}, {"lang": "es", "value": "El subsistema de WebGL en Mozilla Firefox antes de v20.0, Firefox ESR v17.x antes de v17.0.5, Thunderbird antes de v17.0.5, Thunderbird ESR v17.x antes de v17.0.5 y SeaMonkey antes v2.17 en Linux no interact\u00faa correctamente con los driver de Mesa, que permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (sin memoria no asignado) a trav\u00e9s de vectores no especificados."}], "id": "CVE-2013-0796", "lastModified": "2023-01-19T02:41:50.103", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-04-03T11:56:21.217", "references": [{"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0696.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0697.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2013/dsa-2699"}, {"source": "security@mozilla.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-35.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1791-1"}, {"source": "security@mozilla.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=827106"}, {"source": "security@mozilla.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=838413"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges miaubiz as the original reporter.", "affected_release": [{"advisory": "RHSA-2013:0697", "cpe": "cpe:/a:redhat:rhel_productivity:5", "package": "thunderbird-0:17.0.5-1.el5_9", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-04-02T00:00:00Z"}, {"advisory": "RHSA-2013:0696", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "firefox-0:17.0.5-1.el5_9", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-04-02T00:00:00Z"}, {"advisory": "RHSA-2013:0696", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "xulrunner-0:17.0.5-1.el5_9", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-04-02T00:00:00Z"}, {"advisory": "RHSA-2013:0696", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:17.0.5-1.el6_4", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-04-02T00:00:00Z"}, {"advisory": "RHSA-2013:0696", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xulrunner-0:17.0.5-1.el6_4", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-04-02T00:00:00Z"}, {"advisory": "RHSA-2013:0697", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "thunderbird-0:17.0.5-1.el6_4", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-04-02T00:00:00Z"}], "bugzilla": {"description": "Mozilla: WebGL crash with Mesa graphics driver on Linux (MFSA 2013-35)", "id": "946931", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=946931"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors."], "name": "CVE-2013-0796", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2013-04-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-0796\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-0796\nhttp://www.mozilla.org/security/announce/2013/mfsa2013-35.html"], "threat_severity": "Critical"}