The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.
The product does not properly verify that the source of data or communication is valid.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Opensuse | Opensuse | 13.1 (including) | 13.1 (including) |
| Opensuse | Opensuse_project | 11.4 (including) | 11.4 (including) |
| Opensuse | Opensuse_project | 12.3 (including) | 12.3 (including) |
| Firefox | Ubuntu | devel | * |
| Firefox | Ubuntu | lucid | * |
| Firefox | Ubuntu | precise | * |
| Firefox | Ubuntu | quantal | * |
| Firefox | Ubuntu | saucy | * |
| Firefox | Ubuntu | upstream | * |