SUSE CVE-2018-6079

Inappropriate sharing of TEXTURE2DARRAY/TEXTURE3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

SUSE CVE-2018-6154

Insufficient data validation in WebGL in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

SUSE CVE-2018-6162

Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

SUSE CVE-2018-12407

A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. This vulnerability affects Firefox 64...

SUSE CVE-2019-5770

Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...

SUSE CVE-2019-11693

The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected.. This...

SUSE CVE-2020-6422

Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

SUSE CVE-2020-6555

Out of bounds read in WebGL in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...

SUSE CVE-2020-6821

When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird...

SUSE CVE-2020-26972

The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check was omitted in WebGL, resulting in a use-after-free and a potentially exploitable crash. This...

SUSE CVE-2021-23994

A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

SUSE CVE-2021-30554

Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

SUSE CVE-2021-30568

Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

SUSE CVE-2022-1482

Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

SUSE CVE-2022-31737

A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...

SUSE CVE-2022-46882

A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox 107, Firefox ESR 102.6, and Thunderbird 102.6...

SUSE CVE-2022-46881

An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106...

Rocky Linux 8 : firefox (RLSA-2022:9067)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:9067 advisory. - A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox This bug only affects...

Mozilla Thunderbird Resource Management Error Vulnerability (CNVD-2023-03054)

Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP, POP mail protocols and HTML mail format. Mozilla Thunderbird suffers from a resource management error vulnerability that stems fro...

Denial Of Service (DoS)

firefox is vulnerable to Denial Of Service DoS. A remote attacker is able to cause a memory corruption and a potentially exploitable crash due to improper optimization in WebGL...