CVE-2013-0796 - OpenCVE

The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Mozilla	Seamonkey Firefox Esr Thunderbird Esr Thunderbird Firefox
Linux	Linux Kernel

Configuration 1 [-]

AND

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html	Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0696.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0697.html	Third Party Advisory
http://www.debian.org/security/2013/dsa-2699	Third Party Advisory
http://www.mozilla.org/security/announce/2013/mfsa2013-35.html	Exploit Vendor Advisory
http://www.ubuntu.com/usn/USN-1791-1	Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=827106	Exploit Issue Tracking Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=838413	Exploit Issue Tracking Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mozilla

Published: 2013-04-03T10:00:00

Updated: 2013-04-11T09:00:00

Reserved: 2013-01-02T00:00:00

Link: CVE-2013-0796

JSON object: View

NVD Information

Status : Analyzed

Published: 2013-04-03T11:56:21.217

Modified: 2023-01-19T02:41:50.103

Link: CVE-2013-0796

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-04-02T00:00:00", "descriptions": [{"lang": "en", "value": "The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-04-11T09:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"name": "SUSE-SU-2013:0850", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html"}, {"name": "USN-1791-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1791-1"}, {"name": "DSA-2699", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2699"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=838413"}, {"name": "openSUSE-SU-2013:0630", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=827106"}, {"name": "RHSA-2013:0696", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0696.html"}, {"name": "openSUSE-SU-2013:0631", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-35.html"}, {"name": "RHSA-2013:0697", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0697.html"}, {"name": "SUSE-SU-2013:0645", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html"}, {"name": "openSUSE-SU-2013:0875", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2013-0796", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SUSE-SU-2013:0850", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html"}, {"name": "USN-1791-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1791-1"}, {"name": "DSA-2699", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2699"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=838413", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=838413"}, {"name": "openSUSE-SU-2013:0630", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=827106", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=827106"}, {"name": "RHSA-2013:0696", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0696.html"}, {"name": "openSUSE-SU-2013:0631", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html"}, {"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-35.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-35.html"}, {"name": "RHSA-2013:0697", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0697.html"}, {"name": "SUSE-SU-2013:0645", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html"}, {"name": "openSUSE-SU-2013:0875", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html"}]}}}}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2013-0796", "datePublished": "2013-04-03T10:00:00", "dateReserved": "2013-01-02T00:00:00", "dateUpdated": "2013-04-11T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F1F841D-03C5-48E3-BCA8-4436C146E8C9", "versionEndExcluding": "20.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "D233DB53-44EA-4198-B691-7AA0579AF4A8", "versionEndExcluding": "17.0.5", "versionStartIncluding": "17.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAF5F5B1-7D1E-4012-9903-6E483AF8C6C1", "versionEndExcluding": "17.0.5", "versionStartIncluding": "17.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE639053-DE2F-49CD-89DC-A1A59B4F51C7", "versionEndExcluding": "17.0.5", "versionStartIncluding": "17.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8B7351C-3F9C-4A97-83B3-DFEDA4CBB83C", "versionEndExcluding": "2.17", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors."}, {"lang": "es", "value": "El subsistema de WebGL en Mozilla Firefox antes de v20.0, Firefox ESR v17.x antes de v17.0.5, Thunderbird antes de v17.0.5, Thunderbird ESR v17.x antes de v17.0.5 y SeaMonkey antes v2.17 en Linux no interact\u00faa correctamente con los driver de Mesa, que permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (sin memoria no asignado) a trav\u00e9s de vectores no especificados."}], "id": "CVE-2013-0796", "lastModified": "2023-01-19T02:41:50.103", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-04-03T11:56:21.217", "references": [{"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0696.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0697.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2013/dsa-2699"}, {"source": "security@mozilla.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-35.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1791-1"}, {"source": "security@mozilla.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=827106"}, {"source": "security@mozilla.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=838413"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}