QwikSec

Security Database

CVE

CWE

Training

CVE-2011-2366

Published: Jun 30, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugzilla.mozilla.org/show_bug.cgi?id=655987

x_refsource_CONFIRM

oval:org.mitre.oval:def:14221

vdb-entry

signature

x_refsource_OVAL

https://bugzilla.mozilla.org/show_bug.cgi?id=659349

x_refsource_CONFIRM

https://hacks.mozilla.org/2011/06/cross-domain-webgl-textures-disabled-in-firefox-5/

x_refsource_CONFIRM

SUSE-SA:2011:028

vendor-advisory

x_refsource_SUSE

http://www.contextis.co.uk/resources/blog/webgl/

x_refsource_MISC

https://developer.mozilla.org/en/WebGL/Cross-Domain_Textures

x_refsource_CONFIRM

https://bugzilla.mozilla.org/show_bug.cgi?id=656277

x_refsource_CONFIRM

[whatwg] 20110314 Canvas and drawWindow

mailing-list

x_refsource_MLIST

http://www.mozilla.org/security/announce/2011/mfsa2011-25.html

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.