CVE-2011-2598

The WebGL implementation in Mozilla Firefox 4.x allows remote attackers to obtain screenshots of the windows of arbitrary desktop applications via vectors involving an SVG filter, an IFRAME element, and uninitialized data in graphics memory.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*

History

21 Nov 2024, 01:28

Type Values Removed Values Added
References () http://blog.mozilla.com/security/2011/06/16/webgl-graphics-memory-stealing-issue/ - () http://blog.mozilla.com/security/2011/06/16/webgl-graphics-memory-stealing-issue/ -
References () http://www.contextis.com/resources/blog/webgl2/ - Exploit () http://www.contextis.com/resources/blog/webgl2/ - Exploit
References () http://www.securityfocus.com/bid/48319 - () http://www.securityfocus.com/bid/48319 -
References () http://www.theregister.co.uk/2011/06/16/webgl_security_threats_redux/ - () http://www.theregister.co.uk/2011/06/16/webgl_security_threats_redux/ -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14207 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14207 -

Information

Published : 2011-06-30 15:55

Updated : 2024-11-21 01:28


NVD link : CVE-2011-2598

Mitre link : CVE-2011-2598

CVE.ORG link : CVE-2011-2598


JSON object : View

Products Affected

mozilla

  • firefox
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor