Mozilla Foundation Security Advisory 2011-25
Title: Stealing of cross-domain images using WebGL textures
Announced: June 21, 2011
Reporter: Context IS
Products: Firefox, SeaMonkey
Fixed in: Firefox 5
Security research firm Context IS discovered that an image from a different domain could be loaded into a WebGL texture, and then each pixel could be rendered into a canvas element with a shader program, creating an approximation of the image in a form that was readable by the creator of the WebGL texture. This could be used to steal image data from a different site and is considered a violation of the same-origin policy.
The WebGL functionality was introduced in the browser engine used by Firefox 4 and SeaMonkey 2.1; the vulnerability does not affect earlier versions.