SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Mozilla Firefox Vendors:   Mozilla.org
Mozilla Firefox WebGL Implementation Flaw Lets Remote Users Obtain Graphics Memory Contents
SecurityTracker Alert ID:  1025676
SecurityTracker URL:  http://securitytracker.com/id/1025676
CVE Reference:   CVE-2011-2366   (Links to External Site)
Updated:  Jun 22 2011
Original Entry Date:  Jun 17 2011
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 4.x
Description:   A vulnerability was reported in Mozilla Firefox. A remote user can obtain information from the target user's system.

A remote user can create specially crafted HTML that, when loaded by the target user, will read graphics memory on the target user's system. The remote user can obtain screen shots from arbitrary windows on the target user's system (not just browser windows).

The original advisory is available at:

http://www.contextis.com/resources/blog/webgl2/

James Forshaw, Paul Stone, and Michael Jordon of Context Information Security reported this vulnerability.

Impact:   A remote user can create HTML that, when loaded by the target user, will obtain graphics memory contents from the target user's system.
Solution:   The vendor has issued a fix (5.0).

The vendor's advisory is available at:

http://blog.mozilla.com/security/2011/06/16/webgl-graphics-memory-stealing-issue/
http://www.mozilla.org/security/announce/2011/mfsa2011-25.html

Vendor URL:  www.mozilla.org/security/announce/2011/mfsa2011-25.html (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC