Two crashes that could potentially be exploited to run malicious code were found in the WebGL feature and fixed in Firefox 4.0.1. In addition the WebGLES libraries could potentially be used to bypass a security feature of recent Windows versions. The WebGL feature was introduced in Firefox 4; older versions are not affected by these issues.
Nils reported that the WebGLES libraries in the Windows version of Firefox were compiled without ASLR protection. An attacker who found an exploitable memory corruption flaw could then use these libraries to bypass ASLR on Windows Vista and Windows 7, making the flaw as exploitable on those platforms as it would be on Windows XP or other platforms.
Mozilla researcher Christoph Diehl reported a potentially exploitable buffer overflow in the WebGLES library
Yuri Ko reported a potentially exploitable overwrite in the WebGLES library to the Chrome Secuity Team. We thank them for coordinating with us on this fix.
Vulmon