This post is more than 5 years old
3 Apprentice
•
15.2K Posts
0
2655
Now patched: Firefox WebGL Graphics Memory Information Disclosure Weakness
The following has been "adapted" from http://secunia.com/advisories/44972/ and
http://blog.mozilla.com/security/2011/06/16/webgl-graphics-memory-stealing-issue/ :
Description
[A third-party] has reported a [non-critical] weakness in Mozilla Firefox 4, which can be exploited by malicious people to disclose potentially sensitive [private/confidential] information.
An unspecified error in [Firefox's] WebGL implementation can be exploited to disclose certain information e.g. screenshots of a victim's desktop.
The weakness is reported in version 4.0.1. Other versions may also be affected.
Solution
The vendor recommends to [temporarily] disable WebGL. Mozilla has [tentatively] scheduled a fix for 2011-06-21.
=========
Since this weakness is rated "non-critical", and since it should be fixed in just a few days, users can decide whether or not they wish to implement the suggested temporary work-around. If you do, you'll probably have to UNdo it when the fixed version is released.
Here's how to [temporarily] disable WebGL:
in Firefox, in the address bar, type-in
about:config
and press ENTER
you'll receive a scary warning that proceeding might void your warranty... click on I'll be careful, I promise!
Scroll down to highlight webgl.disabled
RIGHT-click, and select Toggle
this will change from the default status of false to the user set status of true
ky331
3 Apprentice
3 Apprentice
•
15.2K Posts
1
June 21st, 2011 13:00
Solution: Update to FF 5.0 (now available) via internal updater in v4.0.1
ky331
3 Apprentice
3 Apprentice
•
15.2K Posts
0
June 22nd, 2011 06:00
Please stress that while the original WebGL vulnerability was classified as "NON-critical",
it has subsequently been determined that FF 4.0.1 contained several other HIGHLY critical vulnerabilities.
The update to FF5 fixes all (currently known) vulnerabilities.