The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Publish Date : 2011-06-30 Last Update Date : 2011-08-23
| Cvss Score |
10.0 |
| Confidentiality Impact |
Complete
(There is total information disclosure, resulting in all system files being revealed.) |
| Integrity Impact |
Complete
(There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.) |
| Availability Impact |
Complete
(There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.) |
| Access Complexity |
Low
(Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. ) |
| Authentication |
Not required
(Authentication is not required to exploit the vulnerability.) |
| Gained Access |
None |
| Vulnerability Type(s) |
Denial Of ServiceExecute Code |
| CWE ID |
264 |
| Title |
Definition Id |
Class |
Family |
|
The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows ... |
oval:org.mitre.oval:def:13912 |
|
windows |
|
OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify
a vulnerability or a missing patch. Check out the OVAL definitions
if you want to learn what you should do to verify a vulnerability.
