Mozilla Foundation Security Advisory 2011-26

Multiple WebGL crashes

Announced
June 21, 2011
Reporter
Christoph Diehl
Impact
Critical
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 5
  • SeaMonkey 2.2

Description

Mozilla security researcher Christoph Diehl reported two crashes in WebGL code. One crash was the result of an out-of-bounds read and could be used to read data from other processes who had stored data in the GPU. The severity of this issue was determined to be high. The second crash was the result of an invalid write and could be used to execute arbitrary code. The severity of this issue was determined to be critical.

The WebGL functionality was introduced in the browser engine used by Firefox 4 and SeaMonkey 2.1; the vulnerability does not affect earlier versions.

References