Mozilla Foundation Security Advisory 2012-26
WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error
- Announced
- April 24, 2012
- Reporter
- Matias Juntunen
- Impact
- High
- Products
- Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderbird ESR
- Fixed in
-
- Firefox 12
- Firefox ESR 10.0.4
- SeaMonkey 2.9
- Thunderbird 12
- Thunderbird ESR 10.0.4
Description
Mozilla community member Matias Juntunen discovered an error
in WebGLBuffer where FindMaxElementInSubArray receives wrong template arguments
from FindMaxUshortElement. This bug causes maximum index to be computed
incorrectly within WebGL.drawElements, allowing the reading of illegal video
memory.
References