CVE-2013-0796
First published: Wed Apr 03 2013(Updated: )
The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Firefox | <20.0 | |
| Linux Kernel | ||
| All of | ||
| Firefox | >=17.0<17.0.5 | |
| Linux Kernel | ||
| All of | ||
| Thunderbird | >=17.0<17.0.5 | |
| Linux Kernel | ||
| All of | ||
| Mozilla Thunderbird | >=17.0<17.0.5 | |
| Linux Kernel | ||
| All of | ||
| Mozilla SeaMonkey | <2.17 | |
| Linux Kernel | ||
| Firefox | <20.0 | |
| Linux Kernel | ||
| Firefox ESR | >=17.0<17.0.5 | |
| Thunderbird | >=17.0<17.0.5 | |
| Mozilla Thunderbird | >=17.0<17.0.5 | |
| Mozilla SeaMonkey | <2.17 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html
- http://rhn.redhat.com/errata/RHSA-2013-0696.html
- http://rhn.redhat.com/errata/RHSA-2013-0697.html
- http://www.debian.org/security/2013/dsa-2699
- http://www.mozilla.org/security/announce/2013/mfsa2013-35.html
- http://www.ubuntu.com/usn/USN-1791-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=827106
- https://bugzilla.mozilla.org/show_bug.cgi?id=838413
Frequently Asked Questions
What is the severity of CVE-2013-0796?
CVE-2013-0796 has a high severity due to its potential to allow remote attackers to execute arbitrary code.
How do I fix CVE-2013-0796?
To mitigate CVE-2013-0796, upgrade to Mozilla Firefox version 20.0 or later, or Mozilla Thunderbird, Thunderbird ESR, and SeaMonkey to their updated versions addressing this vulnerability.
Which versions are affected by CVE-2013-0796?
CVE-2013-0796 affects Mozilla Firefox prior to 20.0, Firefox ESR versions prior to 17.0.5, Thunderbird versions prior to 17.0.5, Thunderbird ESR versions prior to 17.0.5, and SeaMonkey versions prior to 2.17 on Linux.
What products are impacted by CVE-2013-0796?
CVE-2013-0796 impacts Mozilla Firefox, Firefox ESR, Thunderbird, Thunderbird ESR, and SeaMonkey when running on Linux.
Can CVE-2013-0796 lead to denial of service?
Yes, CVE-2013-0796 can lead to denial of service in addition to allowing remote code execution.
- agent/references
- agent/type
- agent/severity
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/firefox
- vendor/linux
- canonical/linux kernel
- version/firefox/17.0
- canonical/thunderbird
- version/thunderbird/17.0
- canonical/mozilla thunderbird
- version/mozilla thunderbird/17.0
- canonical/mozilla seamonkey
- canonical/firefox esr
- version/firefox esr/17.0