CVE-2011-2988
Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader.
| Software | From | Fixed in |
|---|---|---|
| mozilla / seamonkey | 2.0.10 | 2.0.10.x |
| mozilla / seamonkey | 2.2-beta2 | 2.2-beta2.x |
| mozilla / firefox | 4.0-beta6 | 4.0-beta6.x |
| mozilla / firefox | 4.0-beta1 | 4.0-beta1.x |
| mozilla / seamonkey | 2.0.13 | 2.0.13.x |
| mozilla / firefox | 4.0-beta9 | 4.0-beta9.x |
| mozilla / firefox | 4.0-beta5 | 4.0-beta5.x |
| mozilla / firefox | 4.0-beta8 | 4.0-beta8.x |
| mozilla / seamonkey | 2.0.4 | 2.0.4.x |
| mozilla / firefox | 4.0-beta12 | 4.0-beta12.x |
| mozilla / seamonkey | 2.1-alpha2 | 2.1-alpha2.x |
| mozilla / seamonkey | 2.0.3 | 2.0.3.x |
| mozilla / seamonkey | 2.0.2 | 2.0.2.x |
| mozilla / seamonkey | 2.0-alpha_2 | 2.0-alpha_2.x |
| mozilla / seamonkey | 2.0.8 | 2.0.8.x |
| mozilla / seamonkey | 2.0-rc2 | 2.0-rc2.x |
| mozilla / seamonkey | 2.0-alpha_3 | 2.0-alpha_3.x |
| mozilla / seamonkey | 2.0.12 | 2.0.12.x |
| mozilla / firefox | 4.0-beta3 | 4.0-beta3.x |
| mozilla / firefox | 5.0 | 5.0.x |
| mozilla / seamonkey | 2.0.11 | 2.0.11.x |
| mozilla / firefox | 4.0-beta2 | 4.0-beta2.x |
| mozilla / firefox | 4.0-beta4 | 4.0-beta4.x |
| mozilla / seamonkey | 2.0-beta_2 | 2.0-beta_2.x |
| mozilla / seamonkey | 2.1-rc1 | 2.1-rc1.x |
| mozilla / firefox | 4.0-beta10 | 4.0-beta10.x |
| mozilla / seamonkey | 2.1 | 2.1.x |
| mozilla / seamonkey | 2.0-alpha_1 | 2.0-alpha_1.x |
| mozilla / seamonkey | 2.0.9 | 2.0.9.x |
| mozilla / seamonkey | 2.1-alpha1 | 2.1-alpha1.x |
| mozilla / seamonkey | 2.1-beta2 | 2.1-beta2.x |
| mozilla / firefox | 4.0 | 4.0.x |
| mozilla / seamonkey | 2.0.1 | 2.0.1.x |
| mozilla / thunderbird | - | 5.0.x |
| mozilla / seamonkey | 2.0.14 | 2.0.14.x |
| mozilla / seamonkey | 2.0.7 | 2.0.7.x |
| mozilla / seamonkey | 2.2 | 2.2.x |
| mozilla / seamonkey | 2.0-beta_1 | 2.0-beta_1.x |
| mozilla / seamonkey | 2.1-rc2 | 2.1-rc2.x |
| mozilla / seamonkey | 2.1-beta1 | 2.1-beta1.x |
| mozilla / seamonkey | 2.0.5 | 2.0.5.x |
| mozilla / seamonkey | 2.1-beta3 | 2.1-beta3.x |
| mozilla / seamonkey | 2.0-rc1 | 2.0-rc1.x |
| mozilla / firefox | 4.0-beta11 | 4.0-beta11.x |
| mozilla / seamonkey | 2.2-beta3 | 2.2-beta3.x |
| mozilla / seamonkey | 2.0.6 | 2.0.6.x |
| mozilla / firefox | 4.0-beta7 | 4.0-beta7.x |
| mozilla / seamonkey | 2.1-alpha3 | 2.1-alpha3.x |
| mozilla / seamonkey | 2.0 | 2.0.x |
| mozilla / firefox | 4.0.1 | 4.0.1.x |
| mozilla / seamonkey | 2.2-beta1 | 2.2-beta1.x |
- http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html
- http://secunia.com/advisories/49055
- http://www.mozilla.org/security/announce/2011/mfsa2011-29.html
- http://www.mozilla.org/security/announce/2011/mfsa2011-31.html
- http://www.mozilla.org/security/announce/2011/mfsa2011-33.html
- http://www.securityfocus.com/bid/49242
- https://bugzilla.mozilla.org/show_bug.cgi?id=665936
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14270
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime