CVE-2011-2988

Related Files

Firefox 4 / 5 Heap Overflows

Posted Aug 19, 2011

Authored by James Forshaw, Context Information Security Ltd

Context discovered two memory corruption issues related to Firefox code that processes WebGL, that could result in remote code execution via a malicious web page. Heap overflows make use of the WebGL shader compiler and the ANGLE library. Versions 4.0.1 and 5 are affected.

tags | advisory, remote, web, overflow, code execution

advisories | CVE-2011-2987, CVE-2011-2988

SHA-256 | e2a6dbc735d5a7f645b6a0736a8b929cdad5127974443db6a2057209e4c009f7

Download | Favorite | View

Ubuntu Security Notice USN-1192-1

Posted Aug 18, 2011

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1192-1 - Aral Yaman discovered a vulnerability in the WebGL engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Vivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Bert Hubert and Theo Snelleman discovered a vulnerability in the Ogg reader. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, arbitrary, javascript

systems | linux, ubuntu

advisories | CVE-2011-0084, CVE-2011-2985, CVE-2011-2987, CVE-2011-2988, CVE-2011-2989, CVE-2011-2990, CVE-2011-2991, CVE-2011-2992, CVE-2011-2993

SHA-256 | fd0dbc52704b7de27d589a9b373d2248010c2f4ec11b9682f224be9222b632fe

Download | Favorite | View