Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2011-17

WebGLES vulnerabilities

Announced
April 28, 2011
Impact
Critical
Products
Firefox
Fixed in
  • Firefox 4.0.1

Description

Two crashes that could potentially be exploited to run malicious code were found in the WebGL feature and fixed in Firefox 4.0.1. In addition the WebGLES libraries could potentially be used to bypass a security feature of recent Windows versions. The WebGL feature was introduced in Firefox 4; older versions are not affected by these issues.

Nils reported that the WebGLES libraries in the Windows version of Firefox were compiled without ASLR protection. An attacker who found an exploitable memory corruption flaw could then use these libraries to bypass ASLR on Windows Vista and Windows 7, making the flaw as exploitable on those platforms as it would be on Windows XP or other platforms.

Mozilla researcher Christoph Diehl reported a potentially exploitable buffer overflow in the WebGLES library

Yuri Ko reported a potentially exploitable overwrite in the WebGLES library to the Chrome Secuity Team. We thank them for coordinating with us on this fix.