CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
93.4%
The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in
Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows,
mishandles shader access, which allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via crafted (1) OpenGL or (2) WebGL content.