Vulnerability Details : CVE-2012-5833

The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via function calls involving certain values of the level parameter.

Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service

Published 2012-11-21 12:55:03

Updated 2020-08-06 16:50:07

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2012-5833

Probability of exploitation activity in the next 30 days: 1.80%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 87 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-5833

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	nvd@nist.gov
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2012-5833

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-5833

http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html

openSUSE-SU-2012:1586-1: moderate: update for xulrunner
Mailing List;Third Party Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/80184

Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D calls code execution CVE-2012-5833 Vulnerability Report
Third Party Advisory;VDB Entry
http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html

openSUSE-SU-2012:1585-1: moderate: update for MozillaThunderbird
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html

openSUSE-SU-2012:1583-1: moderate: update for MozillaFirefox
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-1638-3

USN-1638-3: Firefox regressions | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://www.mozilla.org/security/announce/2012/mfsa2012-106.html

Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer — Mozilla
Vendor Advisory

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16748

Repository / Oval Repository
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html

[security-announce] SUSE-SU-2012:1592-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-1638-1

USN-1638-1: Firefox vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-1638-2

USN-1638-2: ubufox update | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://bugzilla.mozilla.org/show_bug.cgi?id=785734

785734 - (CVE-2012-5833) Mesa crashes on certain texImage2D calls involving level>0
Issue Tracking;Patch;Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-1482.html

RHSA-2012:1482 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/56642

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5833 Memory Corruption Vulnerability
Third Party Advisory;VDB Entry
http://rhn.redhat.com/errata/RHSA-2012-1483.html

RHSA-2012:1483 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2012:173

mandriva.com
Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-1636-1

USN-1636-1: Thunderbird vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html

[security-announce] openSUSE-SU-2013:0175-1: important: security update
Mailing List;Third Party Advisory

CVEs referencing this url

Products affected by CVE-2012-5833

Redhat » Enterprise Linux Desktop » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 6.3
cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Desktop » Version: 10 Update SP4
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Desktop » Version: 11 Update SP2
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 10 Update SP4
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 11 Update SP2
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 11 Update SP2 For Vmware
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
Matching versions
Suse » Linux Enterprise Software Development Kit » Version: 10 Update SP4
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Software Development Kit » Version: 11 Update SP2
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
Matching versions
Mozilla » Firefox
Versions before (<) 17.0
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird
Versions before (<) 17.0
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey
Versions before (<) 2.14
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox Esr
Versions before (<) 10.0.11
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird Esr
Versions before (<) 10.0.11
cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.10
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 10.04
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 11.10
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
Matching versions
Opensuse » Opensuse » Version: 11.4
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 12.2
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 12.1
cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
Matching versions