CVE-2011-1300

The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remote attackers to execute arbitrary code via unspecified vectors, related to an "off-by-three" error.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
mozillafirefox
4.0
mozillafirefox
4.0:beta1
mozillafirefox
4.0:beta10
mozillafirefox
4.0:beta11
mozillafirefox
4.0:beta12
mozillafirefox
4.0:beta2
mozillafirefox
4.0:beta3
mozillafirefox
4.0:beta4
mozillafirefox
4.0:beta5
mozillafirefox
4.0:beta6
mozillafirefox
4.0:beta7
mozillafirefox
4.0:beta8
mozillafirefox
4.0:beta9
googlechrome
𝑥
< 10.0.648.205
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
oneiric
not-affected
natty
Fixed 14.0.835.202~r103287-0ubuntu0.11.04.1
released
maverick
Fixed 14.0.835.202~r103287-0ubuntu0.10.10.1
released
lucid
Fixed 14.0.835.202~r103287-0ubuntu0.10.04.2
released
karmic
dne
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://code.google.com/p/angleproject/source/detail?r=611
http://code.google.com/p/chromium/issues/detail?id=70070
http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html
http://secunia.com/advisories/44141
http://www.mozilla.org/security/announce/2011/mfsa2011-17.html
http://www.securityfocus.com/bid/47377
http://www.securitytracker.com/id?1025377
http://www.vupen.com/english/advisories/2011/1006
https://bugzilla.mozilla.org/show_bug.cgi?id=623791
https://exchange.xforce.ibmcloud.com/vulnerabilities/66766
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14466
http://code.google.com/p/angleproject/source/detail?r=611
http://code.google.com/p/chromium/issues/detail?id=70070
http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html
http://secunia.com/advisories/44141
http://www.mozilla.org/security/announce/2011/mfsa2011-17.html
http://www.securityfocus.com/bid/47377
http://www.securitytracker.com/id?1025377
http://www.vupen.com/english/advisories/2011/1006
https://bugzilla.mozilla.org/show_bug.cgi?id=623791
https://exchange.xforce.ibmcloud.com/vulnerabilities/66766
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14466