Mozilla Foundation Security Advisory 2012-30
Title: Crash with WebGL content using
Announced: April 24, 2012
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 12.0
Firefox ESR 10.0.4
Thunderbird ESR 10.0.4
Mozilla community member Ms2ger found an image rendering issue with WebGL when texImage2D uses use JSVAL_TO_OBJECT on arbitrary objects. This can lead to a crash on a maliciously crafted web page. While there is no evidence that this is directly exploitable, there is a possibility of remote code execution.