CVSS: 7.5EPSS: 0%CPEs: 225EXPL: 2CVE-2011-2366
https://notcve.org/view.php?id=CVE-2011-2366
30 Jun 2011 — Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader. Mozilla Gecko usado en Firefox v5.0 y Thunderbird antes de v5.0, no bloquea el uso de una imagen como textura WebGL en dominios cruzados, lo que permite a atacantes remotos obtener copias aproximadas de imágenes arbitrarias... • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2004-1639
https://notcve.org/view.php?id=CVE-2004-1639
26 Oct 2004 — Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension. • http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0017.html •