You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2011-51

Mozilla Foundation Security Advisory 2011-51

Title: Cross-origin image theft on Mac with integrated Intel GPU
Impact: High
Announced: November 8, 2011
Reporter: Claus Wahlers
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 8.0
  Thunderbird 8.0
  SeaMonkey 2.5


Claus Wahlers reported that random images from GPU memory were showing up in WebGL textures. Once incorporated into the WebGL graphics it is possible for a site to programatically read the image data and potentially gain sensitive data from other things that had been displayed earlier. This problem is due to a bug in the driver for Intel integrated GPUs on recent Mac OS X hardware, and the problem can be seen in WebGL implementations from other vendors. Mozilla has implemented a work-around to prevent this from happening with this hardware-driver combination.