DescriptionThe WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations, which allows remote attackers to obtain sensitive information from GPU memory associated with an arbitrary process, or cause a denial of service (application crash), via unspecified vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
iceweaselsource(unstable)(not affected)
xulrunnersource(unstable)(not affected)


- xulrunner <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
- iceweasel <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)

Search for package or bug name: Reporting problems