InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

WebGL Flaw

https://forums.informaction.com/viewtopic.php?t=6448

Page 1 of 1

WebGL Flaw

Posted: Tue May 10, 2011 11:21 am
by kiwi
http://www.contextis.co.uk/resources/blog/webgl/

can you add an option to disable WebGL or to block cross-domain request?

Thanks!

Re: WebGL Flaw

Posted: Tue May 10, 2011 2:53 pm
by Giorgio Maone
It's not trivial, since they're seen as normal cross-site image loads.

However, the attack requires JavaScript enabled on the attacker's site, so NoScript already protects against it.

Re: WebGL Flaw

Posted: Sat May 14, 2011 1:23 pm
by therube
WebGL & Security

> The blacklist can be deployed daily without a full software update so we can respond rapidly to any issues.

Wonder that might entail as far as the numbers, upkeep, ...
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited