CVE-2011-2987

Firefox 4.x-5 - Remote Code Execution via WebGL ANGLE Heap Overflow

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers to execute arbitrary code via unspecified vectors.

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/49226
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49055
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14285
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=665934

Scores

EPSS 0.0544
EPSS Percentile 91.8%

Details

CWE
CWE-119
Status published
Products (34)
mozilla/firefox 4.0 (13 CPE variants)
mozilla/firefox 4.0.1
mozilla/firefox 5.0
mozilla/seamonkey 1.0 (3 CPE variants)
mozilla/seamonkey 1.0.1
mozilla/seamonkey 1.0.2
mozilla/seamonkey 1.0.3
mozilla/seamonkey 1.0.4
mozilla/seamonkey 1.0.5
mozilla/seamonkey 1.0.6
... and 24 more
Published Aug 18, 2011
Tracked Since Feb 18, 2026