Mozilla Foundation Security Advisory 2011-26
Multiple WebGL crashes
- Announced
- June 21, 2011
- Reporter
- Christoph Diehl
- Impact
- Critical
- Products
- Firefox, SeaMonkey
- Fixed in
- 
        - Firefox 5
- SeaMonkey 2.2
 
Description
Mozilla security researcher Christoph Diehl reported two crashes in WebGL code. One crash was the result of an out-of-bounds read and could be used to read data from other processes who had stored data in the GPU. The severity of this issue was determined to be high. The second crash was the result of an invalid write and could be used to execute arbitrary code. The severity of this issue was determined to be critical.
The WebGL functionality was introduced in the browser engine used by Firefox 4 and SeaMonkey 2.1; the vulnerability does not affect earlier versions.