Details of VAR-201309-0178

ID

VAR-201309-0178

CVE

CVE-2013-1729

TITLE

Mozilla Firefox of WebGL Implementation of desktop screenshot data vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-004203

DESCRIPTION

The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element. Mozilla Firefox is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. Note: This issue was previously discussed in BID 62447 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2013-76 through -92 Multiple Vulnerabilities), but has been moved to its own record to better document it. This issue is fixed in: Firefox 24.0

Trust: 1.98

sources: NVD: CVE-2013-1729 // JVNDB: JVNDB-2013-004203 // BID: 62474 // VULHUB: VHN-61731

AFFECTED PRODUCTS

vendor:	mozilla	model:	firefox	scope:	eq	version:	19.0.2	Trust: 1.6
vendor:	mozilla	model:	firefox	scope:	eq	version:	21.0	Trust: 1.6
vendor:	mozilla	model:	firefox	scope:	eq	version:	22.0	Trust: 1.6
vendor:	mozilla	model:	firefox	scope:	eq	version:	20.0	Trust: 1.6
vendor:	mozilla	model:	firefox	scope:	eq	version:	23.0	Trust: 1.6
vendor:	mozilla	model:	firefox	scope:	eq	version:	19.0.1	Trust: 1.6
vendor:	mozilla	model:	firefox	scope:	eq	version:	20.0.1	Trust: 1.6
vendor:	mozilla	model:	firefox	scope:	eq	version:	19.0	Trust: 1.6
vendor:	mozilla	model:	firefox	scope:	lte	version:	23.0.1	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	lt	version:	24.0	Trust: 0.8
vendor:	mozilla	model:	firefox	scope:	eq	version:	23.0.1	Trust: 0.6
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.14	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.12	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.17	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.10	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	9.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.9	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.18	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.19	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.16	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.14	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.18	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.23	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	4.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.9.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	8.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	11.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.11	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.10	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.12	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.17	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.26	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.10	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	12.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.11	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.27	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	10.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.12	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.13	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.9.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.16	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	5.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.9	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.4.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	6.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	13.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.18	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.19	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.28	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.20	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.14	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.020	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.11	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.9	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.15	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.14	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.19	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.15	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.17	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.18	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.9	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.10	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.10	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.16	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.10.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.25	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.11	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.512	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	10	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.17	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.13	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.13	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.15	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.13	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.11	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.12	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.9	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.0.13	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.15	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.24	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.21	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	7.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.9.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.22	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.9	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.16	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.19	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.19	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.10	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.6.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.2	Trust: 0.3

sources: BID: 62474 // JVNDB: JVNDB-2013-004203 // CNNVD: CNNVD-201309-296 // NVD: CVE-2013-1729

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1729
value:	LOW
Trust: 1.0
NVD:	CVE-2013-1729
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201309-296
value:	LOW
Trust: 0.6
VULHUB:	VHN-61731
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2013-1729
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-61731
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61731 // JVNDB: JVNDB-2013-004203 // CNNVD: CNNVD-201309-296 // NVD: CVE-2013-1729

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-61731 // JVNDB: JVNDB-2013-004203 // NVD: CVE-2013-1729

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-296

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201309-296

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004203

PATCH

title:	FEDORA-2013-17074	url:	http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html	Trust: 0.8
title:	FEDORA-2013-16992	url:	http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html	Trust: 0.8
title:	FEDORA-2013-17047	url:	http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html	Trust: 0.8
title:	MFSA2013-86	url:	http://www.mozilla.org/security/announce/2013/mfsa2013-86.html	Trust: 0.8
title:	MFSA2013-86	url:	http://www.mozilla-japan.org/security/announce/2013/mfsa2013-86.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-004203

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1729	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-004203	Trust: 0.8
db:	CNNVD	id:	CNNVD-201309-296	Trust: 0.7
db:	BID	id:	62474	Trust: 0.4
db:	VULHUB	id:	VHN-61731	Trust: 0.1

sources: VULHUB: VHN-61731 // BID: 62474 // JVNDB: JVNDB-2013-004203 // CNNVD: CNNVD-201309-296 // NVD: CVE-2013-1729

REFERENCES

url:	http://www.mozilla.org/security/announce/2013/mfsa2013-86.html	Trust: 1.7
url:	https://bugzilla.mozilla.org/show_bug.cgi?id=879656	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2013-september/115907.html	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2013-september/117526.html	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2013-september/116610.html	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1729	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1729	Trust: 0.8
url:	http://www.mozilla.com/en-us/	Trust: 0.3

sources: VULHUB: VHN-61731 // BID: 62474 // JVNDB: JVNDB-2013-004203 // CNNVD: CNNVD-201309-296 // NVD: CVE-2013-1729

CREDITS

Victor Porof

Trust: 0.3

sources: BID: 62474

SOURCES

db:	VULHUB	id:	VHN-61731
db:	BID	id:	62474
db:	JVNDB	id:	JVNDB-2013-004203
db:	CNNVD	id:	CNNVD-201309-296
db:	NVD	id:	CVE-2013-1729

LAST UPDATE DATE

2025-04-11T23:19:27.830000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61731	date:	2013-10-03T00:00:00
db:	BID	id:	62474	date:	2015-03-19T08:12:00
db:	JVNDB	id:	JVNDB-2013-004203	date:	2013-11-01T00:00:00
db:	CNNVD	id:	CNNVD-201309-296	date:	2013-09-22T00:00:00
db:	NVD	id:	CVE-2013-1729	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61731	date:	2013-09-18T00:00:00
db:	BID	id:	62474	date:	2013-09-17T00:00:00
db:	JVNDB	id:	JVNDB-2013-004203	date:	2013-09-20T00:00:00
db:	CNNVD	id:	CNNVD-201309-296	date:	2013-09-22T00:00:00
db:	NVD	id:	CVE-2013-1729	date:	2013-09-18T10:08:24.553