CVE-2011-2988

Name	CVE-2011-2988
Description	Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity	high

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version
iceape	source	(unstable)	(not affected)
icedove	source	(unstable)	(not affected)
iceweasel	source	lenny	(not affected)
iceweasel	source	squeeze	(not affected)
iceweasel	source	(unstable)	6.0-1
xulrunner	source	(unstable)	(not affected)

Notes

- xulrunner <not-affected> (Only affects Firefox >= 4)
[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
- iceape <not-affected> (Only affects Firefox >= 4)
- icedove <not-affected> (Only affects Thunderbird 5)