| Vulnerability Name: | CVE-2011-2598 (CCN-68471) | ||||||||
| Assigned: | 2011-05-11 | ||||||||
| Published: | 2011-05-11 | ||||||||
| Updated: | 2017-09-19 | ||||||||
| Summary: | The WebGL implementation in Mozilla Firefox 4.x allows remote attackers to obtain screenshots of the windows of arbitrary desktop applications via vectors involving an SVG filter, an IFRAME element, and uninitialized data in graphics memory. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N) 3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-200 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: CONFIRM Type: UNKNOWN http://blog.mozilla.com/security/2011/06/16/webgl-graphics-memory-stealing-issue/ Source: MITRE Type: CNA CVE-2011-2598 Source: CCN Type: Context Web site WebGL - A New Dimension for Browser Exploitation Source: MISC Type: Exploit http://www.contextis.com/resources/blog/webgl2/ Source: CCN Type: Mozilla Web site Mozilla Firefox Source: CCN Type: OSVDB ID: 73101 Mozilla Firefox WebGL Graphics Memory Information Disclosure Source: BID Type: UNKNOWN 48319 Source: CCN Type: BID-48319 Mozilla Firefox WebGL Information Disclosure Vulnerability Source: MISC Type: UNKNOWN http://www.theregister.co.uk/2011/06/16/webgl_security_threats_redux/ Source: XF Type: UNKNOWN firefox-webgl-info-disc(68471) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:14207 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||