CVE-2011-2367 : The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations, which allows r

The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations, which allows remote attackers to obtain sensitive information from GPU memory associated with an arbitrary process, or cause a denial of service (application crash), via unspecified vectors.

Published 2011-06-30 16:55:05

Updated 2017-09-19 01:33:00

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2011-2367

Probability of exploitation activity in the next 30 days: 0.58%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 75 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2011-2367

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:P	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2011-2367

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-2367

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14302

Repository / Oval Repository
http://www.mozilla.org/security/announce/2011/mfsa2011-26.html

Multiple WebGL crashes — Mozilla
Vendor Advisory

CVEs referencing this url
https://bugzilla.mozilla.org/show_bug.cgi?id=656752

656752 - (CVE-2011-2367) WebGL crash [@gleRunVertexSubmitImmediate()]
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html

[security-announce] SUSE Security Announcement: MozillaFirefox,MozillaTh

CVEs referencing this url

Products affected by CVE-2011-2367

Mozilla » Firefox » Version: 4.0 Update Beta5
cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0 Update Beta3
cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0 Update Beta4
cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0 Update Beta2
cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0 Update Beta7
cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0 Update Beta8
cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0 Update Beta9
cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0 Update Beta1
cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0 Update Beta10
cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0 Update Beta11
cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0 Update Beta6
cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0 Update Beta12
cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0
cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 4.0.1
cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2011-2367

Exploit prediction scoring system (EPSS) score for CVE-2011-2367

CVSS scores for CVE-2011-2367

CWE ids for CVE-2011-2367

References for CVE-2011-2367

Products affected by CVE-2011-2367