Vulnerability Details : CVE-2013-0796
The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors.
Vulnerability category: Execute codeDenial of service
Products affected by CVE-2013-0796
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-0796
2.73%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 91 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-0796
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2013-0796
-
http://rhn.redhat.com/errata/RHSA-2013-0697.html
RHSA-2013:0697 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html
[security-announce] SUSE-SU-2013:0850-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html
openSUSE-SU-2013:0875-1: moderate: seamonkey: 2.17 updateMailing List;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-1791-1
USN-1791-1: Thunderbird vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html
[security-announce] SUSE-SU-2013:0645-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html
[security-announce] openSUSE-SU-2013:0631-1: important: Mozilla FirefoxMailing List;Third Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=827106
827106 - (CVE-2013-0796) freeing unallocated address with webglExploit;Issue Tracking;Vendor Advisory
-
http://www.mozilla.org/security/announce/2013/mfsa2013-35.html
WebGL crash with Mesa graphics driver on Linux — MozillaExploit;Vendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=838413
838413 - Blacklist Mesa in ESR17 (nothing sensational here --- ESR is the enterprise no-cool-stuff branch)Exploit;Issue Tracking;Patch;Vendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2013-0696.html
RHSA-2013:0696 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.debian.org/security/2013/dsa-2699
Debian -- Security Information -- DSA-2699-1 iceweaselThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html
[security-announce] openSUSE-SU-2013:0630-1: important: Mozilla FirefoxMailing List;Third Party Advisory
Jump to