• Home
  • About 404TS
  • Contact

404 Tech Support

Where IT Help is Found

  • Articles
    • Code
    • Entertainment
    • Going Green
    • Hardware, Gadgets, and Products
    • Management
    • Network
    • News
    • Operating Systems
    • Security and Privacy
    • Software
    • System Administration
    • Talking Points
    • Tech Solutions
    • Web
    • Webmaster
  • Reviews
  • Media
    • Infographics
    • Videos
  • Tech Events
  • Tools
    • How do I find my IP address?
    • Browser and plugin tests
  • Get a Technical Consultation
You are here: Home / Articles / News / WebGL In The News For Security Concerns in Firefox 4 and IE9

WebGL In The News For Security Concerns in Firefox 4 and IE9

2011-06-17 by Jason

The Mozilla Security Blog announced yesterday that there is a security concern with WebGL in Mozilla Firefox 4. It could allow attackers to capture screenshots of a visitors browser, including private information.

The problem is specific to Firefox’s implementation of WebGL, not a vulnerability in WebGL itself. A fix will be included in the next update to Firefox, which is scheduled for Tuesday, June 21st. In the meantime, Mozilla recommends that users either update to the Firefox Beta or disable WebGL. To disable it, in Firefox 4’s address bar type about:config. Then type webgl in the filter line and toggle the webgl.disabled to true by double-clicking on the value.

Nine hours before Mozilla’s statement was published, Microsoft’s Security Research & Defense blog posted an article simply titled WebGL Considered Harmful. The article goes on to details three key concerns Microsoft has with WebGL and how they believe it will become a recurring source of hard-to-fix vulnerabilities. (ed. note: Yet, Adobe Flash and Reader…)

The full article goes into much greater detail so be sure to give it a read, but the bullet points of their concerns include:

  • Browser support for WebGL directly exposes hardware functionality to the web in a way that we consider to be overly permissive
  • Browser support for WebGL security servicing responsibility relies too heavily on third parties to secure the web experience
  • Problematic system DoS scenarios

In its current form, WebGL is not a technology Microsoft can endorse from a security perspective.

We recognize the need to provide solutions in this space however it is our goal that all such solutions are secure by design, secure by default, and secure in deployment.

Two strikes in one day against WebGL, will it last if opinion turns on it? The two articles on the same day are not coincidental. Context Information Security LTD published an article in May calling WebGL a new dimension for browser exploitation. In almost a self-fulfilling prophecy, ContextIS published an update yesterday which demoed further WebGL security flaws – including the screenshot capture exploit Mozilla is patching in Firefox 4.

 

Filed Under: News, Security and Privacy, Software

Trending

  • Logitech peripherals now compatible with Chromebooks
    In Hardware, Gadgets, and Products
  • The new Bose Hearphones become their first foray into Personal Sound Amplification Products
    In Hardware, Gadgets, and Products
  • Nexus 6P powers off when battery hits 25%
    In Hardware, Gadgets, and Products, Tech Solutions

Latest Media Posts

Find Out Where To Download SNES ROMs

Find Out Where To Download SNES ROMs

Multifunctional Video Conversion Tools – Wondershare Video Converter

Multifunctional Video Conversion Tools – Wondershare Video Converter

  • Popular
  • Latest
  • Today Week Month All
  • SOLVED: “This modification is not allowed because the selection is locked.” SOLVED: "This modification is not allowed because the selection is locked."
  • What is the AllJoyn Router Service on Windows 10? What is the AllJoyn Router Service on Windows 10?
  • Increase IIS Private Memory Limit to improve WSUS availability Increase IIS Private Memory Limit to improve WSUS availability
  • How to ‘Unblock’ multiple files at a time with PowerShell How to 'Unblock' multiple files at a time with PowerShell
  • Troubleshooting time synchronization for domain-joined computers Troubleshooting time synchronization for domain-joined computers
  • 3d rendering circuit cloud for cloud computing technology What Is An Ellucian Migration And Is It Important?
  • Remote monitoring of text messages on a mobile device Remote monitoring of text messages on a mobile device
  • ​Great Tech Tips For Remote Workers ​Great Tech Tips For Remote Workers
  • Ideas That Will Free up MacBook Hard Drive Ideas That Will Free up MacBook Hard Drive
  • Advantages Of Video Conferencing For Small Businesses Advantages Of Video Conferencing For Small Businesses
Ajax spinner

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Recent Posts

  • What Is An Ellucian Migration And Is It Important?
  • Remote monitoring of text messages on a mobile device
  • ​Great Tech Tips For Remote Workers

Search

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.

Copyright © 2021 · Magazine Pro Theme on Genesis Framework · WordPress · Log in