Vulnerability Description
The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 20.0 |
| Linux | Linux Kernel | - |
| Mozilla | Thunderbird | >= 17.0, < 17.0.5 |
| Mozilla | Thunderbird Esr | >= 17.0, < 17.0.5 |
| Mozilla | Seamonkey | < 2.17 |
References
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.htmlMailing ListThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2013-0696.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2013-0697.htmlThird Party Advisory
- http://www.debian.org/security/2013/dsa-2699Third Party Advisory
- http://www.mozilla.org/security/announce/2013/mfsa2013-35.htmlExploitVendor Advisory
- http://www.ubuntu.com/usn/USN-1791-1Third Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=827106ExploitIssue TrackingVendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=838413ExploitIssue TrackingPatch
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.htmlMailing ListThird Party Advisory
FAQ
What is CVE-2013-0796?
CVE-2013-0796 is a vulnerability with a CVSS score of 10.0 (HIGH). The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly ...
How severe is CVE-2013-0796?
CVE-2013-0796 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-0796?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Linux Linux Kernel, Mozilla Thunderbird, Mozilla Thunderbird Esr, Mozilla Seamonkey.