Hole found in Firefox 4 WebGL implementation


"A security hole has been discovered in the WebGL implementation of
Firefox 4 by the British security researchers at Context Information
Security. The researchers have been continuing their previous work
looking for flaws in WebGL and have found they can perform a 'memory
stealing' attack using WebGL.

This approach allows an attacker to create and save screenshots of what
the browser has displayed. This includes all data, not just WebGL
content. In their proof of concept, the researchers manage to extract
'snapshots' of the graphics card's memory that was previously used to
display web pages. The vulnerability is specific to the WebGL
implementation in Firefox 4 and does not occur in Google Chrome."