CVE-2011-2366
https://notcve.org/view.php?id=CVE-2011-2366
Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader. Mozilla Gecko usado en Firefox v5.0 y Thunderbird antes de v5.0, no bloquea el uso de una imagen como textura WebGL en dominios cruzados, lo que permite a atacantes remotos obtener copias aproximadas de imágenes arbitrarias mediante un ataque de temporizacion mediante la participación de un fragmento sombreado manipulado en WebGL. • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2011-March/030882.html http://www.contextis.co.uk/resources/blog/webgl http://www.mozilla.org/security/announce/2011/mfsa2011-25.html https://bugzilla.mozilla.org/show_bug.cgi?id=655987 https://bugzilla.mozilla.org/show_bug.cgi?id=656277 https://bugzilla.mozilla.org/show_bug.cgi?id=659349 https://developer.mozilla.org/en/WebGL/Cross-Domain_Textures https: • CWE-20: Improper Input Validation •
CVE-2004-1639
https://notcve.org/view.php?id=CVE-2004-1639
Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension. • http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0017.html http://marc.info/?l=bugtraq&m=109886388528179&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/17839 •