Mozilla Foundation Security Advisory 2012-30

Crash with WebGL content using textImage2D

Announced

April 24, 2012

Reporter

Ms2ger

Impact

Critical

Products

Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderbird ESR

Fixed in

Firefox 12
Firefox ESR 10.0.4
SeaMonkey 2.9
Thunderbird 12
Thunderbird ESR 10.0.4

Description

Mozilla community member Ms2ger found an image rendering issue with WebGL when texImage2D uses use JSVAL_TO_OBJECT on arbitrary objects. This can lead to a crash on a maliciously crafted web page. While there is no evidence that this is directly exploitable, there is a possibility of remote code execution.

References

nsIDOMWebGLRenderingContext_Tex{,Sub}Image2D use JSVAL_TO_OBJECT on arbitrary objects
CVE-2012-0478

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2012-30

Crash with WebGL content using textImage2D

Description

References