[Public WebGL] Webgl

Benoit Jacob [email protected]
Wed May 11 10:04:18 PDT 2011


The only real exploit at this point is the cross-domain image stealer
  http://www.contextis.co.uk/resources/blog/webgl/poc/index.html
I'm working on it (speaking only for Mozilla).

Aside from that, a bug has been found, either in ANGLE or in D3D9, that causes a crash on an invalid write. While invalid write bugs are of course potentially exploitable, they didn't show an exploit for it at this point. This kind of bug is discovered and fixed or worked around all the time, so I don't consider that particularly newsworthy.

Regarding the rest of the Context blog, like

    Fundamentally, WebGL now allows full (Turing Complete) programs
    from the internet to reach the graphics driver and graphics hardware
    which operate in what is supposed to be the most protected part of
    the computer (Kernel Mode).

I don't understand what that means.

Benoit


----- Original Message -----
> What's all the hubbub about a webgl exploit? News is spreading like
> wildfire.
> -----------------------------------------------------------
> You are currently subscribed to [email protected]
> To unsubscribe, send an email to [email protected] with
> the following command in the body of your email:
> unsubscribe public_webgl
> -----------------------------------------------------------