CVE-2011-2989

Firefox 4.x-5 and SeaMonkey < 2.3 - Remote Code Execution via WebGL Implementation

Title source: llm
STIX 2.1

Description

The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

References (7)

Core 7
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=674042
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14528
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49055

Scores

EPSS 0.0448
EPSS Percentile 90.4%

Details

CWE
CWE-119
Status published
Products (20)
mozilla/firefox 4.0 (13 CPE variants)
mozilla/firefox 4.0.1
mozilla/firefox 5.0
mozilla/seamonkey 2.0 (8 CPE variants)
mozilla/seamonkey 2.0.1
mozilla/seamonkey 2.0.2
mozilla/seamonkey 2.0.3
mozilla/seamonkey 2.0.4
mozilla/seamonkey 2.0.5
mozilla/seamonkey 2.0.6
... and 10 more
Published Aug 18, 2011
Tracked Since Feb 18, 2026