CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
93.4%
The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content.
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | firefox_esr | 38.0 | cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:* |
mozilla | firefox_esr | 38.0.1 | cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:* |
mozilla | firefox_esr | 38.0.5 | cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:* |
mozilla | firefox_esr | 38.1.0 | cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:* |
mozilla | firefox_esr | 38.1.1 | cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:* |
mozilla | firefox_esr | 38.2.0 | cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:* |
mozilla | firefox_esr | 38.2.1 | cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:* |
microsoft | windows | * | cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* |
mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html
lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html
lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html
www.mozilla.org/security/announce/2015/mfsa2015-113.html
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.securityfocus.com/bid/76816
www.securitytracker.com/id/1033640
bugzilla.mozilla.org/show_bug.cgi?id=1189860