Mozilla Products WebGL Information Disclosure Vulnerability July-11 (Windows) Network Vulnerability

Summary

The host is installed with Mozilla Firefox or Thunderbird and is prone to information disclosure vulnerability.

Impact

Successful exploitation will allow remote attackers to obtain potentially sensitive information. Impact Level: Application

Solution

Upgrade to Firefox version 5.0 or later. http://www.mozilla.com/en-US/firefox/all.html Upgrade to Thunderbird version 5.0 or later http://www.mozillamessaging.com/en-US/thunderbird/

Insight

The flaw is due to an error in WebGL, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.

Affected

Thunderbird versions before 5.0 Mozilla Firefox versions before 5.0

References

http://www.contextis.co.uk/resources/blog/webgl/
https://bugzilla.mozilla.org/show_bug.cgi?id=656277
https://developer.mozilla.org/en/WebGL/Cross-Domain_Textures
https://hacks.mozilla.org/2011/06/cross-domain-webgl-textures-disabled-in-firefox-5/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-2366

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Asterisk SIP REGISTER Response Username Enumeration Vulnerability
Adobe Reader Information Disclosure Vulnerability Jun05 (Mac OS X)
Asterisk Missing ACL Check Remote Security Bypass Vulnerability
Adobe Reader Information Disclosure Vulnerability Jun05 (Windows)
Apache Tomcat Multiple Vulnerabilities - 03 Mar14

Take action and discover your vulnerabilities