Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.
References
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2011-06-30 08:55
Updated : 2017-09-18 18:33
NVD link : CVE-2011-2366
Mitre link : CVE-2011-2366
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
mozilla
- firefox
- gecko
- thunderbird