Mozilla Foundation Security Advisory 2011-25

Stealing of cross-domain images using WebGL textures

Announced
June 21, 2011
Reporter
Context IS
Impact
Moderate
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 5
  • SeaMonkey 2.2

Description

Security research firm Context IS discovered that an image from a different domain could be loaded into a WebGL texture, and then each pixel could be rendered into a canvas element with a shader program, creating an approximation of the image in a form that was readable by the creator of the WebGL texture. This could be used to steal image data from a different site and is considered a violation of the same-origin policy.

The WebGL functionality was introduced in the browser engine used by Firefox 4 and SeaMonkey 2.1; the vulnerability does not affect earlier versions.

References