Summary
The host has Mozilla Firefox or Thunderbird installed and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow remote attackers to obtain potentially sensitive information.
Impact Level: Application
Solution
Upgrade to Firefox version 5.0 or later.
http://www.mozilla.com/en-US/firefox/all.html
Upgrade to Thunderbird version 5.0 or later.
http://www.mozillamessaging.com/en-US/thunderbird/
Insight
The flaw is due to an error in WebGL, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.
Affected
Thunderbird versions before 5.0
Mozilla Firefox versions before 5.0
References
Severity
Classification
- CVE: CVE-2011-2366
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apple Safari 'setInterval()' Address Bar Spoofing Vulnerability (Win)
- Apple Safari 'javascript: URI' XSS Vulnerability - Sep09
- Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Linux)
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Linux)
- Apple Safari Web Script Execution Vulnerabilities - June09