CVE-2011-2367 Information

Description

The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations which allows remote attackers to obtain sensitive information from GPU memory associated with an arbitrary process or cause a denial of service (application crash) via unspecified vectors.

Reference

http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html http://www.mozilla.org/security/announce/2011/mfsa2011-26.html https://bugzilla.mozilla.org/show_bug.cgi?id=656752 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A14302