You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-26

Mozilla Foundation Security Advisory 2012-26

Title: WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error
Impact: High
Announced: April 24, 2012
Reporter: Matias Juntunen
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 12.0
  Firefox ESR 10.0.4
  Thunderbird 12.0
  Thunderbird ESR 10.0.4
  SeaMonkey 2.9


Mozilla community member Matias Juntunen discovered an error in WebGLBuffer where FindMaxElementInSubArray receives wrong template arguments from FindMaxUshortElement. This bug causes maximum index to be computed incorrectly within WebGL.drawElements, allowing the reading of illegal video memory.