// For flags

CVE-2013-0796

Mozilla: WebGL crash with Mesa graphics driver on Linux (MFSA 2013-35)

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors.

El subsistema de WebGL en Mozilla Firefox antes de v20.0, Firefox ESR v17.x antes de v17.0.5, Thunderbird antes de v17.0.5, Thunderbird ESR v17.x antes de v17.0.5 y SeaMonkey antes v2.17 en Linux no interactúa correctamente con los driver de Mesa, que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (sin memoria no asignado) a través de vectores no especificados.

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser. These issues include multiple memory safety errors, missing input sanitizing vulnerabilities, use-after-free vulnerabilities, buffer overflows and other programming errors which may lead to the execution of arbitrary code, privilege escalation, information leaks or cross site scripting.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-01-02 CVE Reserved
  • 2013-04-03 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 < 20.0
Search vendor "Mozilla" for product "Firefox" and version " < 20.0"
-
Affected
in Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Mozilla
Search vendor "Mozilla"
 Firefox Esr
Search vendor "Mozilla" for product "Firefox Esr"
 >= 17.0 < 17.0.5
Search vendor "Mozilla" for product "Firefox Esr" and version " >= 17.0 < 17.0.5"
-
Affected
in Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Mozilla
Search vendor "Mozilla"
 Thunderbird
Search vendor "Mozilla" for product "Thunderbird"
 >= 17.0 < 17.0.5
Search vendor "Mozilla" for product "Thunderbird" and version " >= 17.0 < 17.0.5"
-
Affected
in Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Mozilla
Search vendor "Mozilla"
 Thunderbird Esr
Search vendor "Mozilla" for product "Thunderbird Esr"
 >= 17.0 < 17.0.5
Search vendor "Mozilla" for product "Thunderbird Esr" and version " >= 17.0 < 17.0.5"
-
Affected
in Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 < 2.17
Search vendor "Mozilla" for product "Seamonkey" and version " < 2.17"
-
Affected
in Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe