CVE-2011-1300
Firefox 4.x - Remote Code Execution via WebGLES Library Off-by-Three Error
Title source: llmDescription
The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remote attackers to execute arbitrary code via unspecified vectors, related to an "off-by-three" error.
References (11)
Core 11
Core References
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/1006
Vendor Advisory x_refsource_confirm
http://code.google.com/p/angleproject/source/detail?r=611
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025377
Vendor Advisory x_refsource_confirm
http://code.google.com/p/chromium/issues/detail?id=70070
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/44141
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/47377
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=623791
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/66766
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2011/mfsa2011-17.html
Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html
Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14466
Scores
EPSS
0.0301
EPSS Percentile
85.9%
Details
CWE
CWE-189
Status
published
Products (2)
google/chrome
< 10.0.648.205
mozilla/firefox
4.0 (13 CPE variants)
Published
Apr 15, 2011
Tracked Since
Feb 18, 2026