WebGL Flaw

Ask for help about NoScript, no registration needed to post
kiwi

WebGL Flaw

Post by kiwi »

http://www.contextis.co.uk/resources/blog/webgl/

can you add an option to disable WebGL or to block cross-domain request?

Thanks!
Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: WebGL Flaw

Post by Giorgio Maone »

It's not trivial, since they're seen as normal cross-site image loads.

However, the attack requires JavaScript enabled on the attacker's site, so NoScript already protects against it.
Mozilla/5.0 (Windows NT 5.2; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
User avatar
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: WebGL Flaw

Post by therube »

WebGL & Security

> The blacklist can be deployed daily without a full software update so we can respond rapidly to any issues.

Wonder that might entail as far as the numbers, upkeep, ...
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20110511 Firefox/4.0.1 SeaMonkey/2.1
Post Reply