Memory safety errors in libGLES in the ANGLE graphics library
- September 22, 2015
- Ronald Crane
- Firefox, Firefox ESR, SeaMonkey, Thunderbird
- Fixed in
- Firefox 41
- Firefox ESR 38.3
- SeaMonkey 2.38
- Thunderbird 38.3
Security researcher Ronald Crane reported two issues in the libGLES portions of the ANGLE graphics library, used for WebGL and OpenGL content on Windows systems. The first of these is a missing bounds check leading to memory safety errors when manipulating shaders which could result in the writing to unowned memory. The second issue also affects shaders when insufficient memory is allocated for a shader attribute array, leading to a buffer overflow. Both of these issues can lead to a potentially exploitable crash.
These issues are specific to Windows and does not affect Linux or OS X systems.
In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.