Mozilla Foundation Security Advisory 2015-113

Memory safety errors in libGLES in the ANGLE graphics library

Announced
September 22, 2015
Reporter
Ronald Crane
Impact
Critical
Products
Firefox, Firefox ESR, SeaMonkey, Thunderbird
Fixed in
  • Firefox 41
  • Firefox ESR 38.3
  • SeaMonkey 2.38
  • Thunderbird 38.3

Description

Security researcher Ronald Crane reported two issues in the libGLES portions of the ANGLE graphics library, used for WebGL and OpenGL content on Windows systems. The first of these is a missing bounds check leading to memory safety errors when manipulating shaders which could result in the writing to unowned memory. The second issue also affects shaders when insufficient memory is allocated for a shader attribute array, leading to a buffer overflow. Both of these issues can lead to a potentially exploitable crash.

These issues are specific to Windows and does not affect Linux or OS X systems.

In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.

References