Search Results (Refine Search)
- Keyword (text search): webgl
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-5833 |
The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via function calls involving certain values of the level parameter. Published: November 21, 2012; 7:55:03 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-2896 |
Integer overflow in the WebGL implementation in Google Chrome before 22.0.1229.79 on Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Published: September 26, 2012; 6:56:05 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2012-3968 |
Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor. Published: August 29, 2012; 6:56:40 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2012-3967 |
The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site. Published: August 29, 2012; 6:56:40 AM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-2819 |
The texSubImage2D implementation in the WebGL subsystem in Google Chrome before 20.0.1132.43 does not properly handle uploads to floating-point textures, which allows remote attackers to cause a denial of service (assertion failure and application crash) or possibly have unspecified other impact via a crafted web page, as demonstrated by certain WebGL performance tests, aka rdar problem 11520387. Published: June 27, 2012; 6:18:38 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-3568 |
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted WebGL content, as demonstrated by a codeflow.org WebGL demo. Published: June 14, 2012; 3:55:02 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-3105 |
The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not properly mitigate an unspecified flaw in an NVIDIA driver, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a related issue to CVE-2011-3101. Published: June 05, 2012; 7:55:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-0478 |
The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page. Published: April 25, 2012; 6:10:17 AM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-0473 |
The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call. Published: April 25, 2012; 6:10:17 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-3052 |
The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Published: March 22, 2012; 12:55:01 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-1795 |
webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter, as exploited in the wild in March 2012. Published: March 20, 2012; 2:55:02 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2012-1787 |
Multiple cross-site scripting (XSS) vulnerabilities in wgarcmin.cgi in Webglimpse 2.20.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) FILE, or (3) DOMAIN parameters. Published: March 19, 2012; 2:55:03 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2009-5114 |
Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter. Published: March 19, 2012; 2:55:02 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2009-5113 |
Cross-site scripting (XSS) vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the DOC parameter. Published: March 19, 2012; 2:55:02 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2009-5112 |
wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to obtain the installation path via a crafted request. Published: March 19, 2012; 2:55:01 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-3653 |
Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures. Published: November 09, 2011; 6:55:03 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-3003 |
Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write operation. Published: September 28, 2011; 8:55:01 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2011-2989 |
The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. Published: August 18, 2011; 2:55:01 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2011-2988 |
Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader. Published: August 18, 2011; 2:55:01 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2011-2987 |
Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers to execute arbitrary code via unspecified vectors. Published: August 18, 2011; 2:55:01 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |