Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2011-2366

Published: 30/06/2011 Updated: 19/09/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Gecko

Vulnerability Summary

Mozilla Gecko prior to 5.0, as used in Firefox prior to 5.0 and Thunderbird prior to 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote malicious users to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla gecko 1.9

mozilla gecko 1.8

mozilla gecko 1.7

mozilla gecko 1.9.1

mozilla gecko 1.8.1

mozilla gecko

mozilla gecko 1.9.2

mozilla firefox 2.0.0.14

mozilla firefox 0.9.1

mozilla firefox 0.9

mozilla firefox 1.0.2

mozilla firefox 1.5

mozilla firefox 1.0.8

mozilla firefox 2.0.0.16

mozilla firefox 2.0.0.11

mozilla firefox 0.4

mozilla firefox 0.5

mozilla firefox 1.5.0.2

mozilla firefox 1.5.0.3

mozilla firefox 1.5.4

mozilla firefox 1.5.1

mozilla firefox 1.8

mozilla firefox 1.5.8

mozilla firefox 2.0.0.4

mozilla firefox 2.0.0.3

mozilla firefox 3.5.12

mozilla firefox 3.0.3

mozilla firefox 3.5.13

mozilla firefox 3.0.6

mozilla firefox 3.0.10

mozilla firefox 4.0

mozilla firefox 3.6.3

mozilla firefox 3.5.2

mozilla firefox 3.5.9

mozilla firefox 3.6.9

mozilla firefox 3.5.3

mozilla thunderbird 2.0.0.1

mozilla thunderbird 2.0.0.0

mozilla thunderbird 2.0.0.19

mozilla thunderbird 2.0.0.5

mozilla thunderbird 1.0.2

mozilla thunderbird 1.0.3

mozilla thunderbird 1.5.0.7

mozilla thunderbird 1.5.0.1

mozilla thunderbird 3.1

mozilla thunderbird 2.0.0.7

mozilla thunderbird 2.0.0.9

mozilla thunderbird 1.5.0.13

mozilla thunderbird 3.0.2

mozilla thunderbird 3.0.3

mozilla firefox 0.8

mozilla firefox 0.10.1

mozilla firefox 2.0.0.19

mozilla firefox 0.10

mozilla firefox 1.0.1

mozilla firefox 3.0.5

mozilla firefox 2.0.0.20

mozilla firefox 1.0.4

mozilla firefox 1.0.7

mozilla firefox 3.0.7

mozilla firefox 2.0.0.17

mozilla firefox 0.6.1

mozilla firefox 0.7

mozilla firefox 0.7.1

mozilla firefox 0.1

mozilla firefox 0.2

mozilla firefox 1.5.0.12

mozilla firefox 1.5.0.1

mozilla firefox 1.5.0.6

mozilla firefox 1.5.0.7

mozilla firefox 1.5.5

mozilla firefox 2.0.0.6

mozilla firefox 2.0.0.1

mozilla firefox 3.0.14

mozilla firefox 3.0.12

mozilla firefox 2.0.0.8

mozilla firefox 3.0.4

mozilla firefox 3.0.13

mozilla firefox 3.6.12

mozilla firefox 3.6.8

mozilla firefox 3.6

mozilla firefox 3.6.2

mozilla thunderbird 1.5.0.9

mozilla thunderbird 1.5.0.8

mozilla thunderbird 1.0.7

mozilla thunderbird 1.0.8

mozilla thunderbird 1.5.0.3

mozilla thunderbird 3.1.7

mozilla thunderbird 1.5.0.4

mozilla thunderbird 1.5.0.2

mozilla thunderbird 3.1.2

mozilla thunderbird 2.0.0.14

mozilla thunderbird 2.0.0.17

mozilla thunderbird 3.0.4

mozilla thunderbird 3.0

mozilla thunderbird 3.0.7

mozilla thunderbird 3.1.4

mozilla thunderbird 2.0.0.22

mozilla thunderbird 2.0.0.23

mozilla thunderbird 1.0.1

mozilla thunderbird 0.8

mozilla thunderbird 0.4

mozilla thunderbird 2.0.0.18

mozilla thunderbird 3.1.5

mozilla thunderbird 3.0.9

mozilla thunderbird 0.7.2

mozilla thunderbird 0.7.3

mozilla thunderbird 0.7

mozilla thunderbird 0.2

mozilla thunderbird 0.5

mozilla thunderbird 3.1.10

mozilla thunderbird

mozilla firefox 1.0

mozilla firefox 1.0.3

mozilla firefox 1.0.6

mozilla firefox 2.0.0.9

mozilla firefox 2.0.0.10

mozilla firefox 3.0.16

mozilla firefox 0.3

mozilla firefox 1.5.0.4

mozilla firefox 1.5.0.5

mozilla firefox 1.5.0.10

mozilla firefox 1.5.3

mozilla firefox 2.0

mozilla firefox 2.0.0.5

mozilla firefox 3.0.15

mozilla firefox 3.5.10

mozilla firefox 3.5.14

mozilla firefox 3.5.15

mozilla firefox 2.0.0.13

mozilla firefox 2.0.0.18

mozilla firefox 3.5

mozilla firefox 3.6.6

mozilla firefox 3.6.7

mozilla firefox 3.5.8

mozilla firefox 3.6.11

mozilla firefox 3.6.10

mozilla firefox

mozilla thunderbird 1.5.2

mozilla thunderbird 1.5.1

mozilla thunderbird 1.5

mozilla thunderbird 2.0.0.8

mozilla thunderbird 3.1.6

mozilla thunderbird 1.5.0.6

mozilla thunderbird 3.0.6

mozilla thunderbird 3.1.1

mozilla thunderbird 1.5.0.12

mozilla thunderbird 1.5.0.5

mozilla thunderbird 3.0.5

mozilla thunderbird 2.0.0.12

mozilla thunderbird 3.1.3

mozilla thunderbird 3.0.11

mozilla thunderbird 1.7.1

mozilla thunderbird 1.7.3

mozilla thunderbird 0.9

mozilla thunderbird 0.1

mozilla thunderbird 3.1.8

mozilla thunderbird 3.1.9

mozilla firefox 2.0.0.12

mozilla firefox 3.0.1

mozilla firefox 0.9.3

mozilla firefox 0.9.2

mozilla firefox 3.0

mozilla firefox 1.0.5

mozilla firefox 3.0.17

mozilla firefox 3.5.11

mozilla firefox 1.4.1

mozilla firefox 2.0.0.15

mozilla firefox 0.6

mozilla firefox 3.0.9

mozilla firefox 1.5.0.11

mozilla firefox 2.0.0.7

mozilla firefox 1.5.2

mozilla firefox 1.5.0.8

mozilla firefox 1.5.0.9

mozilla firefox 1.5.7

mozilla firefox 1.5.6

mozilla firefox 2.0.0.2

mozilla firefox 3.0.2

mozilla firefox 3.5.1

mozilla firefox 3.0.11

mozilla firefox 3.0.8

mozilla firefox 3.6.13

mozilla firefox 3.5.7

mozilla firefox 3.5.5

mozilla firefox 3.6.4

mozilla firefox 3.5.4

mozilla firefox 3.5.6

mozilla thunderbird 2.0.0.3

mozilla thunderbird 2.0.0.2

mozilla thunderbird 2.0.0.4

mozilla thunderbird 1.0.6

mozilla thunderbird 1.0.4

mozilla thunderbird 1.0.5

mozilla thunderbird 1.5.0.10

mozilla thunderbird 1.5.0.11

mozilla thunderbird 2.0.0.21

mozilla thunderbird 2.0.0.16

mozilla thunderbird 1.5.0.14

mozilla thunderbird 2.0.0.6

mozilla thunderbird 3.0.1

mozilla thunderbird 3.0.8

mozilla thunderbird 2.0

mozilla thunderbird 3.0.10

mozilla thunderbird 0.7.1

mozilla thunderbird 1.0

mozilla thunderbird 0.6

mozilla thunderbird 0.3

Vendor Advisories

Ubuntu Security Notice: firefox vulnerabilities
Multiple Firefox vulnerabilities have been fixed ...
Ubuntu Security Notice: firefox regression
Under certain circumstances, the updated translations could unintentionally install firefox ...
Ubuntu Security Notice: mozvoikko, ubufox, webfav update
This update provides provides packages compatible with Firefox 5 ...
Mozilla: Stealing of cross-domain images using WebGL textures
Mozilla Foundation Security Advisory 2011-25 Stealing of cross-domain images using WebGL textures Announced June 21, 2011 Reporter Context IS Impact Moderate Products Firefox, SeaMonkey Fixed in ...

References

CWE-20http://www.contextis.co.uk/resources/blog/webgl/https://developer.mozilla.org/en/WebGL/Cross-Domain_Textureshttps://hacks.mozilla.org/2011/06/cross-domain-webgl-textures-disabled-in-firefox-5/https://bugzilla.mozilla.org/show_bug.cgi?id=655987http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2011-March/030882.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=656277https://bugzilla.mozilla.org/show_bug.cgi?id=659349http://www.mozilla.org/security/announce/2011/mfsa2011-25.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.htmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14221https://nvd.nist.govhttps://usn.ubuntu.com/1157-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook