http://www.contextis.co.uk/resources/blog/webgl/
can you add an option to disable WebGL or to block cross-domain request?
Thanks!
WebGL Flaw
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: WebGL Flaw
It's not trivial, since they're seen as normal cross-site image loads.
However, the attack requires JavaScript enabled on the attacker's site, so NoScript already protects against it.
However, the attack requires JavaScript enabled on the attacker's site, so NoScript already protects against it.
Mozilla/5.0 (Windows NT 5.2; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Re: WebGL Flaw
WebGL & Security
> The blacklist can be deployed daily without a full software update so we can respond rapidly to any issues.
Wonder that might entail as far as the numbers, upkeep, ...
> The blacklist can be deployed daily without a full software update so we can respond rapidly to any issues.
Wonder that might entail as far as the numbers, upkeep, ...
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20110511 Firefox/4.0.1 SeaMonkey/2.1