CVE-2011-1300
First published: Fri Apr 15 2011(Updated: )
The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remote attackers to execute arbitrary code via unspecified vectors, related to an "off-by-three" error.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | =4.0 | |
| Firefox | =4.0-beta1 | |
| Firefox | =4.0-beta10 | |
| Firefox | =4.0-beta11 | |
| Firefox | =4.0-beta12 | |
| Firefox | =4.0-beta2 | |
| Firefox | =4.0-beta3 | |
| Firefox | =4.0-beta4 | |
| Firefox | =4.0-beta5 | |
| Firefox | =4.0-beta6 | |
| Firefox | =4.0-beta7 | |
| Firefox | =4.0-beta8 | |
| Firefox | =4.0-beta9 | |
| Microsoft Windows | ||
| Google Chrome (Trace Event) | <10.0.648.205 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html
- http://code.google.com/p/chromium/issues/detail?id=70070
- http://www.securitytracker.com/id?1025377
- http://www.vupen.com/english/advisories/2011/1006
- http://secunia.com/advisories/44141
- http://www.securityfocus.com/bid/47377
- http://code.google.com/p/angleproject/source/detail?r=611
- http://www.mozilla.org/security/announce/2011/mfsa2011-17.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=623791
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66766
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14466
Frequently Asked Questions
What is the severity of CVE-2011-1300?
CVE-2011-1300 is classified as a high severity vulnerability that can lead to remote code execution.
How do I fix CVE-2011-1300?
To fix CVE-2011-1300, you should update to Mozilla Firefox version 4.0.1 or later, and Google Chrome version 10.0.648.205 or later.
Which software versions are affected by CVE-2011-1300?
CVE-2011-1300 affects Mozilla Firefox 4.0 and its beta versions, along with Google Chrome versions prior to 10.0.648.205.
What type of vulnerability is CVE-2011-1300?
CVE-2011-1300 is a vulnerability found in the WebGLES library that allows for remote code execution.
Can CVE-2011-1300 be exploited remotely?
Yes, CVE-2011-1300 can be exploited remotely, potentially allowing attackers to execute arbitrary code on the affected systems.
- collector/nvd-historical
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mozilla
- canonical/firefox
- version/firefox/4.0
- version/firefox/4.0-beta1
- version/firefox/4.0-beta10
- version/firefox/4.0-beta11
- version/firefox/4.0-beta12
- version/firefox/4.0-beta2
- version/firefox/4.0-beta3
- version/firefox/4.0-beta4
- version/firefox/4.0-beta5
- version/firefox/4.0-beta6
- version/firefox/4.0-beta7
- version/firefox/4.0-beta8
- version/firefox/4.0-beta9
- vendor/microsoft
- canonical/microsoft windows
- vendor/google
- canonical/google chrome (trace event)