Mozilla Firefox WebGL Implementation Flaw Lets Remote Users Obtain Graphics Memory Contents
|
|
SecurityTracker Alert ID: 1025676 |
|
SecurityTracker URL: http://securitytracker.com/id/1025676
|
|
CVE Reference:
CVE-2011-2366
(Links to External Site)
|
Updated: Jun 22 2011
|
Original Entry Date: Jun 17 2011
|
Impact:
Disclosure of system information, Disclosure of user information
|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): 4.x
|
Description:
A vulnerability was reported in Mozilla Firefox. A remote user can obtain information from the target user's system.
A remote user can create specially crafted HTML that, when loaded by the target user, will read graphics memory on the target user's system. The remote user can obtain screen shots from arbitrary windows on the target user's system (not just browser windows).
The original advisory is available at:
http://www.contextis.com/resources/blog/webgl2/
James Forshaw, Paul Stone, and Michael Jordon of Context Information Security reported this vulnerability.
|
Impact:
A remote user can create HTML that, when loaded by the target user, will obtain graphics memory contents from the target user's system.
|
Solution:
The vendor has issued a fix (5.0).
The vendor's advisory is available at:
http://blog.mozilla.com/security/2011/06/16/webgl-graphics-memory-stealing-issue/
http://www.mozilla.org/security/announce/2011/mfsa2011-25.html
|
Vendor URL: www.mozilla.org/security/announce/2011/mfsa2011-25.html (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 17 Jun 2011 19:53:29 +0000
Subject: Mozilla Firefox
|
http://www.contextis.com/resources/blog/webgl2/
http://blog.mozilla.com/security/2011/06/16/webgl-graphics-memory-stealing-issue/
|
|
