CVE-2011-1300 — HIGH (10.0)

Q: How severe is CVE-2011-1300?

CVE-2011-1300 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-1300?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Microsoft Windows, Google Chrome.

Vulnerability Description

The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remote attackers to execute arbitrary code via unspecified vectors, related to an "off-by-three" error.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	4.0
Microsoft	Windows	-
Google	Chrome	< 10.0.648.205

Related Weaknesses (CWE)

CWE-189

References

http://code.google.com/p/angleproject/source/detail?r=611Vendor Advisory
http://code.google.com/p/chromium/issues/detail?id=70070Vendor Advisory
http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.htmlVendor Advisory
http://secunia.com/advisories/44141Vendor Advisory
http://www.mozilla.org/security/announce/2011/mfsa2011-17.htmlVendor Advisory
http://www.securityfocus.com/bid/47377Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1025377Third Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2011/1006Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=623791Issue TrackingVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/66766Third Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
http://code.google.com/p/angleproject/source/detail?r=611Vendor Advisory
http://code.google.com/p/chromium/issues/detail?id=70070Vendor Advisory
http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.htmlVendor Advisory
http://secunia.com/advisories/44141Vendor Advisory

FAQ

What is CVE-2011-1300?

CVE-2011-1300 is a vulnerability with a CVSS score of 10.0 (HIGH). The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4...

How severe is CVE-2011-1300?

CVE-2011-1300 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-1300?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Microsoft Windows, Google Chrome.