Malicious WebGL content crash when writing strings — Mozilla

2015-02-2400:00:00

Mozilla Foundation

www.mozilla.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.018

Percentile

88.2%

JSON

Security researcher Daniele Di Proietto discovered that when WebGL content crafted in a specific manner wrote strings, it would cause a crash when this content was run.

Affected configurations

Vulners

Node

mozillafirefoxRange<36

mozillafirefox_osRange<2.2

mozillaseamonkeyRange<2.33

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox_os*cpe:2.3:o:mozilla:firefox_os:*:*:*:*:*:*:*:*
mozillaseamonkey*cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox_os	*	cpe:2.3:o:mozilla:firefox_os::::::::
mozilla	seamonkey	*	cpe:2.3:a:mozilla:seamonkey::::::::