CVE-2011-2598

The WebGL implementation in Mozilla Firefox 4.x allows remote attackers to obtain screenshots of the windows of arbitrary desktop applications via vectors involving an SVG filter, an IFRAME element, and uninitialized data in graphics memory.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://blog.mozilla.com/security/2011/06/16/webgl-graphics-memory-stealing-issue/
http://www.contextis.com/resources/blog/webgl2/	Exploit
http://www.securityfocus.com/bid/48319
http://www.theregister.co.uk/2011/06/16/webgl_security_threats_redux/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14207

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox:4.0:::::::*
	cpe:2.3:a:mozilla:firefox:4.0:beta1::::::
	cpe:2.3:a:mozilla:firefox:4.0:beta10::::::
	cpe:2.3:a:mozilla:firefox:4.0:beta11::::::
	cpe:2.3:a:mozilla:firefox:4.0:beta12::::::
	cpe:2.3:a:mozilla:firefox:4.0:beta2::::::
	cpe:2.3:a:mozilla:firefox:4.0:beta3::::::
	cpe:2.3:a:mozilla:firefox:4.0:beta4::::::
	cpe:2.3:a:mozilla:firefox:4.0:beta5::::::
	cpe:2.3:a:mozilla:firefox:4.0:beta6::::::
	cpe:2.3:a:mozilla:firefox:4.0:beta7::::::
	cpe:2.3:a:mozilla:firefox:4.0:beta8::::::
	cpe:2.3:a:mozilla:firefox:4.0:beta9::::::
	cpe:2.3:a:mozilla:firefox:4.0.1:::::::*

History

No history.

Information

Published : 2011-06-30 15:55

Updated : 2024-02-04 17:54

NVD link : CVE-2011-2598

Mitre link : CVE-2011-2598

CVE.ORG link : CVE-2011-2598

JSON object : View

Products Affected

mozilla

firefox

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2011-2598", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-06-30T15:55:04.473", "references": [{"url": "http://blog.mozilla.com/security/2011/06/16/webgl-graphics-memory-stealing-issue/", "source": "cve@mitre.org"}, {"url": "http://www.contextis.com/resources/blog/webgl2/", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/48319", "source": "cve@mitre.org"}, {"url": "http://www.theregister.co.uk/2011/06/16/webgl_security_threats_redux/", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14207", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The WebGL implementation in Mozilla Firefox 4.x allows remote attackers to obtain screenshots of the windows of arbitrary desktop applications via vectors involving an SVG filter, an IFRAME element, and uninitialized data in graphics memory."}, {"lang": "es", "value": "La implementaci\u00f3n de WebGL en Mozilla Firefox v4.x permite a atacantes remotos obtener im\u00e1genes de las ventanas de las aplicaciones de escritorio de su elecci\u00f3n a trav\u00e9s de vectores que implican un filtro SVG, un elemento IFRAME, y los datos sin inicializar en la memoria de gr\u00e1ficos."}], "lastModified": "2017-09-19T01:33:05.023", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C69962C4-FA56-47F2-82A4-DFF4C19DAF3A"}, {"criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7BC1684-3634-4585-B7E6-8C8777E1DA0D"}, {"criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A490D040-EF74-45C2-89ED-D88ADD222712"}, {"criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CDA17D1-CD93-401E-860C-7C3291FEEB7E"}, {"criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F72FDE3-54E0-48E4-9015-1B8A36DB1EC3"}, {"criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4062C901-3828-415B-A6C3-EDD0E7B20C0E"}, {"criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC0D8730-7034-4AD6-9B05-F8BAFB0145EF"}, {"criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "857AFB05-F0C1-4061-9680-9561D68C908F"}, {"criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC37EBAF-C979-4ACC-ACA9-BDC2AECCB0D7"}, {"criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80801CD8-EEAF-4BC4-9085-DCCC6CF73076"}, {"criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAF4C78A-5093-4871-AF69-A8E8FD7E1AAE"}, {"criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "560AD4C7-89D2-4323-BBCC-A89EEB6832CB"}, {"criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B389CBC-4F6C-4C17-A87B-A6DD92703A10"}, {"criteria": "cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDFBA043-91BC-4FB5-A34D-FCE1A9C65A88"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}