Mozilla Firefox WebGL cross-border read information leakage Vulnerability

Release date:
Updated on:

Affected Systems:
Mozilla Firefox 4.0.x
Mozilla Firefox 3.x
Mozilla Thunderbird 3.x
Mozilla Thunderbird 2.x
Mozilla SeaMonkey 2.x
Mozilla SeaMonkey 1.x
Unaffected system:
Mozilla Firefox 5.0.
Mozilla Firefox 3.6.18
Mozilla Thunderbird 3.1.11
Description:
--------------------------------------------------------------------------------
Bugtraq id: 48371
Cve id: CVE-2011-2366

Firefox is a very popular open-source WEB browser.

Mozilla Firefox has the information leakage vulnerability. Remote attackers can exploit this vulnerability to bypass the same-origin policy and obtain sensitive information.

Two crashes exist in the WebGL code. One is because of out-of-bounds reading, which can be used to read data from other processes that store data in the GPU. The second crash is caused by Invalid write, which can be exploited to execute arbitrary code.

<* Source: Context IS

Link: http://www.mozilla.org/security/announce/2011/mfsa2011-26.html
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Mozilla
-------
Mozilla has released a Security Bulletin (2011-26) for this purpose and corresponding patches:

2011-26: Mozilla Foundation Security Advisory 2011-26

Link: http://www.mozilla.org/security/announce/2011/mfsa2011-26.html