June 19, 2011

Hole in Firefox 4 WebGL

I just read that Firefox 4 has a hole in its WebGL application that allows screenshots of what a browser just displayed. This means all information on the page: passwords, names, etc.

This is an article that was posted on the homepage of linux.com, titled "Hole Found in Firefox 4 WebGL Implementation". Here is a sample paragraph from the article.

"This approach allows an attacker to create and save screenshots of what the browser has displayed. This includes all data, not just WebGL content. In their proof of concept, the researchers manage to extract "snapshots" of the graphics card's memory that was previously used to display web pages. The vulnerability is specific to the WebGL implementation in Firefox 4 and does not occur in Google Chrome."


The security hole is fixed in Firefox 5. Users of Firefox 4 can disable WebGL or upgrade to the beta version of Firefox 5. To disable WebGL, type about:config in the Firefox URL box and scroll to the line named webgl.disabled. Select it, right-click and choose Toggle to change it to "true".

