Lucene search

K
mozillaMozilla FoundationMFSA2014-22
HistoryMar 18, 2014 - 12:00 a.m.

WebGL content injection from one domain to rendering in another — Mozilla

2014-03-1800:00:00
Mozilla Foundation
www.mozilla.org
13

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.4%

Mozilla developer Jeff Gilbert discovered a mechanism where a malicious site with WebGL content could inject content from its context to that of another site’s WebGL context, causing the second site to replace textures and similar content. This cannot be used to steal data but could be used to render arbitrary content in these limited circumstances.

Affected configurations

Vulners
Node
mozillafirefoxRange<28
OR
mozillaseamonkeyRange<2.25
CPENameOperatorVersion
firefoxlt28
seamonkeylt2.25

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.4%