Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Firefox Gecko WebGL越界读取信息泄露漏洞
Vulnerability Description
Gecko是由Mozilla基金会开发的布局引擎的名字。它原本叫作 NGLayout。Gecko的作用是读取诸如HTML、CSS、XUL和JavaScript等的网页内容,并呈现到 用户屏幕或打印出来。 在Mozilla Firefox 5.0之前版本和Thunderbird 5.0之前版本中使用的Mozilla Gecko 5.0之前版本不能限制跨域图像作为WebGL结构的使用。该漏洞源于WebGL代码中的越界读取和无效写入,远程攻击者可借助涉及特制WebGL碎片着色程序的定时攻击获取近似任意图像的副本
CVSS Information
N/A
Vulnerability Type
N/A