CVE-2011-2598 — Sensitive Information Exposure in Mozilla Firefox

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 70.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Jenkins ANT Plugin Jenkins Core +1 more

Timeline

PublishedJun 30

Latest updateMay 17

Description

The WebGL implementation in Mozilla Firefox 4.x allows remote attackers to obtain screenshots of the windows of arbitrary desktop applications via vectors involving an SVG filter, an IFRAME element, and uninitialized data in graphics memory.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶NVDmozilla/firefox4.0, 4.0.1+1

▶jenkinsjenkins/ant_plugin

▶jenkinsjenkins/jenkins_lts

▶jenkinsjenkins/jenkins_core

🔴Vulnerability Details

GHSA

GHSA-833r-vjfj-j25r: The WebGL implementation in Mozilla Firefox 4↗2022-05-17

▶