The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remote attackers to execute arbitrary code via unspecified vectors, related to an "off-by-three" error.
References
Link | Resource |
---|---|
http://code.google.com/p/angleproject/source/detail?r=611 | Vendor Advisory |
http://code.google.com/p/chromium/issues/detail?id=70070 | Vendor Advisory |
http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html | Vendor Advisory |
http://secunia.com/advisories/44141 | Vendor Advisory |
http://www.mozilla.org/security/announce/2011/mfsa2011-17.html | Vendor Advisory |
http://www.securityfocus.com/bid/47377 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id?1025377 | Third Party Advisory VDB Entry |
http://www.vupen.com/english/advisories/2011/1006 | Vendor Advisory |
https://bugzilla.mozilla.org/show_bug.cgi?id=623791 | Issue Tracking Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/66766 | Third Party Advisory VDB Entry |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14466 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2011-04-15T19:00:00
Updated: 2017-09-18T12:57:01
Reserved: 2011-03-06T00:00:00
Link: CVE-2011-1300
JSON object: View
NVD Information
Status : Analyzed
Published: 2011-04-15T19:55:00.700
Modified: 2019-07-18T12:28:34.053
Link: CVE-2011-1300
JSON object: View
Redhat Information
No data.
CWE