Vulnerabilities > CVE-2013-1729 - Information Exposure vulnerability in Mozilla Firefox
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Subverting Environment Variable Values The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
- Footprinting An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
- Exploiting Trust in Client (aka Make the Client Invisible) An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Browser Fingerprinting An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
- Session Credential Falsification through Prediction This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2013-17074.NASL description Upstream update. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-09-23 plugin id 70062 published 2013-09-23 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70062 title Fedora 20 : firefox-24.0-1.fc20 / xulrunner-24.0-2.fc20 (2013-17074) NASL family Fedora Local Security Checks NASL id FEDORA_2013-17047.NASL description Upstream security update. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-09-30 plugin id 70205 published 2013-09-30 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70205 title Fedora 18 : firefox-24.0-1.fc18 / xulrunner-24.0-2.fc18 (2013-17047) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_7DFED67B20AA11E3B8D80025905A4771.NASL description The Mozilla Project reports : MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9) MFSA 2013-77 Improper state in HTML5 Tree Builder with templates MFSA 2013-78 Integer overflow in ANGLE library MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed MFSA 2013-81 Use-after-free with select element MFSA 2013-82 Calling scope for new JavaScript objects can lead to memory corruption MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification MFSA 2013-84 Same-origin bypass through symbolic links MFSA 2013-85 Uninitialized data in IonMonkey MFSA 2013-86 WebGL Information disclosure through OS X NVIDIA graphic drivers MFSA 2013-87 Shared object library loading from writable location MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes MFSA 2013-89 Buffer overflow with multi-column, lists, and floats MFSA 2013-90 Memory corruption involving scrolling MFSA 2013-91 User-defined properties on DOM proxies get the wrong last seen 2020-06-01 modified 2020-06-02 plugin id 70262 published 2013-10-02 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70262 title FreeBSD : mozilla -- multiple vulnerabilities (7dfed67b-20aa-11e3-b8d8-0025905a4771) NASL family MacOS X Local Security Checks NASL id MACOSX_FIREFOX_24.NASL description The installed version of Firefox is earlier than 24.0 and is, therefore, potentially affected by multiple vulnerabilities : - Memory issues exist in the browser engine that could allow for denial of service or arbitrary code execution. (CVE-2013-1718, CVE-2013-1719) - The HTML5 Tree Builder does not properly maintain states, which could result in a denial of service or possible arbitrary code execution. (CVE-2013-1720) - The ANGLE library is vulnerable to an integer overflow, which could result in a denial of service or arbitrary code execution. (CVE-2013-1721) - Multiple use-after-free problems exist, which could result in denial of service attacks or arbitrary code execution. (CVE-2013-1722, CVE-2013-1724, CVE-2013-1735, CVE-2013-1736, CVE-2013-1738) - The NativeKey widget does not properly terminate key messages, possibly leading to a denial of service attack. (CVE-2013-1723) - Incorrect scope handling for JavaScript objects with compartments can result in denial of service or possibly arbitrary code execution. (CVE-2013-1725) - Local users can gain the same privileges as the Mozilla Updater because the application does not ensure exclusive access to the update file. An attacker can exploit this by inserting a malicious file into the update file. (CVE-2013-1726) - Sensitive information can be obtained via unspecified vectors because the IonMonkey JavaScript does not properly initialize memory. (CVE-2013-1728) - A JavaScript compartment mismatch can result in a denial of service or arbitrary code execution. Versions of Firefox 20 or greater are not susceptible to the arbitrary code execution mentioned above. (CVE-2013-1730) - A buffer overflow is possible because of an issue with multi-column layouts. (CVE-2013-1732) - An object is not properly identified during use of user-defined getter methods on DOM proxies. This can result in access restrictions being bypassed. (CVE-2013-1737) - An issue in the NVIDIA OS X graphic drivers allows the user last seen 2020-06-01 modified 2020-06-02 plugin id 69989 published 2013-09-19 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69989 title Firefox < 24.0 Multiple Vulnerabilities (Mac OS X) NASL family Fedora Local Security Checks NASL id FEDORA_2013-16992.NASL description Upstream security update. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-09-21 plugin id 70036 published 2013-09-21 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70036 title Fedora 19 : firefox-24.0-1.fc19 / xulrunner-24.0-2.fc19 (2013-16992)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-86.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=879656