CVE-2011-2598

The WebGL implementation in Mozilla Firefox 4.x allows remote attackers to obtain screenshots of the windows of arbitrary desktop applications via vectors involving an SVG filter, an IFRAME element, and uninitialized data in graphics memory.

Published: Jun 30, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-2598
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
mozilla / firefox	4.0-beta6	4.0-beta6.x
mozilla / firefox	4.0-beta1	4.0-beta1.x
mozilla / firefox	4.0-beta9	4.0-beta9.x
mozilla / firefox	4.0-beta5	4.0-beta5.x
mozilla / firefox	4.0-beta8	4.0-beta8.x
mozilla / firefox	4.0-beta12	4.0-beta12.x
mozilla / firefox	4.0-beta3	4.0-beta3.x
mozilla / firefox	4.0-beta2	4.0-beta2.x
mozilla / firefox	4.0-beta4	4.0-beta4.x
mozilla / firefox	4.0-beta10	4.0-beta10.x
mozilla / firefox	4.0	4.0.x
mozilla / firefox	4.0-beta11	4.0-beta11.x
mozilla / firefox	4.0-beta7	4.0-beta7.x
mozilla / firefox	4.0.1	4.0.1.x

http://blog.mozilla.com/security/2011/06/16/webgl-graphics-memory-stealing-issue/
http://www.contextis.com/resources/blog/webgl2/
http://www.securityfocus.com/bid/48319
http://www.theregister.co.uk/2011/06/16/webgl_security_threats_redux/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14207

Vulnerability Database

290,020

CVE-2011-2598