CVE-2011-2598
Firefox 4.x - Unauthorized Sensitive Information Exposure via WebGL and SVG Filter
Title source: llmDescription
The WebGL implementation in Mozilla Firefox 4.x allows remote attackers to obtain screenshots of the windows of arbitrary desktop applications via vectors involving an SVG filter, an IFRAME element, and uninitialized data in graphics memory.
References (5)
Core 5
Core References
Various Sources x_refsource_confirm
http://blog.mozilla.com/security/2011/06/16/webgl-graphics-memory-stealing-issue/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/48319
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14207
Exploit x_refsource_misc
http://www.contextis.com/resources/blog/webgl2/
Various Sources x_refsource_misc
http://www.theregister.co.uk/2011/06/16/webgl_security_threats_redux/
Scores
EPSS
0.0130
EPSS Percentile
67.0%
Details
CWE
CWE-200
Status
published
Products (2)
mozilla/firefox
4.0 (13 CPE variants)
mozilla/firefox
4.0.1
Published
Jun 30, 2011
Tracked Since
Feb 18, 2026