Closed
Bug 1544579
Opened 6 years ago
Closed 6 years ago
libANGLE OOB access for dynamic attribs with offsets
Categories
(Core :: Graphics: CanvasWebGL, defect, P1)
Core
Graphics: CanvasWebGL
Tracking
()
RESOLVED
DUPLICATE
of bug 1550655
| Tracking | Status | |
|---|---|---|
| firefox-esr60 | --- | fixed |
| firefox66 | --- | wontfix |
| firefox67 | --- | wontfix |
| firefox68 | --- | unaffected |
People
(Reporter: dveditz, Assigned: jgilbert)
References
Details
(Keywords: csectype-bounds, sec-moderate)
Chromium took an Out of Bounds fix in ANGLE, looks like the fix will be in Chrome 74. Seems to apply to the code we have
https://chromium.googlesource.com/angle/angle/+/0719a88e7f248f5e9d46e54f73c182ed7fb1b5c5
|
Assignee | |
Updated•6 years ago
|
Priority: -- → P1
|
Reporter | |
Comment 1•6 years ago
|
||
The Chrome bug is Security_Severity-Medium because it's only a 3 byte (non-pointer) read in a sandboxed process. Going with that unless we know for sure we don't use this code. In the chrome case it's triggered through WebGL2 and Jeff says we don't use libANGLE for as much stuff as Chrome does.
Keywords: sec-moderate
|
|
Assignee | |
Comment 2•6 years ago
|
||
Also in 68 already.
status-firefox66:
--- → wontfix
status-firefox67:
--- → affected
status-firefox68:
--- → unaffected
status-firefox-esr60:
--- → affected
|
|
Assignee | |
Updated•6 years ago
|
|
|
Assignee | |
Updated•6 years ago
|
Assignee: nobody → jgilbert
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
|
|
Assignee | |
Updated•6 years ago
|
|
|
Reporter | |
Updated•2 years ago
|
Group: gfx-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•