Page 1 of 1
WebGL Flaw
Posted: Tue May 10, 2011 11:21 am
by kiwi
http://www.contextis.co.uk/resources/blog/webgl/
can you add an option to disable WebGL or to block cross-domain request?
Thanks!
Re: WebGL Flaw
Posted: Tue May 10, 2011 2:53 pm
by Giorgio Maone
It's not trivial, since they're seen as normal cross-site image loads.
However, the attack requires JavaScript enabled on the attacker's site, so NoScript already protects against it.
Re: WebGL Flaw
Posted: Sat May 14, 2011 1:23 pm
by therube
WebGL & Security
> The blacklist can be deployed daily without a full software update so we can respond rapidly to any issues.
Wonder that might entail as far as the numbers, upkeep, ...