Hole found in Firefox 4 WebGL implementation
A security hole has been discovered in the WebGL implementation of Firefox 4 by the British security researchers at Context Information Security. The researchers have been continuing their previous work looking for flaws in WebGL and have found they can perform a "memory stealing" attack using WebGL.
This approach allows an attacker to create and save screenshots of what the browser has displayed. This includes all data, not just WebGL content. In their proof of concept, the researchers manage to extract "snapshots" of the graphics card's memory that was previously used to display web pages. The vulnerability is specific to the WebGL implementation in Firefox 4 and does not occur in Google Chrome.
The next version of Firefox, version 5, is due to appear next week, 21 June, and it appears that the bug has been addressed in that version. Users can upgrade to the beta version of the next Firefox now or disable WebGL by going to the about:config screen and changing the webgl.disabled property to true.
Context's previous research had demonstrated ways of overloading a graphics card using WebGL which could result in a "blue screen" crash on Windows 7. It also showed how it was possible to use Cross Domain Textures in WebGL to circumvent the Same Origin policy of web browsers; this work prompted Mozilla to disable cross domain support for textures in Firefox 5.
(djwm)