Stealing of cross-domain images using WebGL textures
- June 21, 2011
- Context IS
- Firefox, SeaMonkey
- Fixed in
- Firefox 5
- SeaMonkey 2.2
Security research firm Context IS discovered that an image from a different domain could be loaded into a WebGL texture, and then each pixel could be rendered into a canvas element with a shader program, creating an approximation of the image in a form that was readable by the creator of the WebGL texture. This could be used to steal image data from a different site and is considered a violation of the same-origin policy.
The WebGL functionality was introduced in the browser engine used by Firefox 4 and SeaMonkey 2.1; the vulnerability does not affect earlier versions.