The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html
secunia.com/advisories/49055
www.mozilla.org/security/announce/2011/mfsa2011-29.html
www.mozilla.org/security/announce/2011/mfsa2011-31.html
www.mozilla.org/security/announce/2011/mfsa2011-33.html
bugzilla.mozilla.org/show_bug.cgi?id=674042
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14528