CERT: Current Activity - WebGL Security Risks

CERT mailing list archives

Current Activity - WebGL Security Risks

From: Current Activity <us-cert () us-cert gov>
Date: Tue, 10 May 2011 11:58:47 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

WebGL Security Risks

Original release date: May 10, 2011 at 11:35 am
Last revised: May 10, 2011 at 11:35 am


US-CERT is aware of reports indicating that WebGL contains multiple
significant security issues. The impact of these issues includes
arbitrary code execution, denial of service, and cross-domain attacks.
WebGL is a new web standard that is enabled by default in Firefox 4
and Google Chrome and is included in Safari.

US-CERT encourages users and administrators to review the Context
report and disable WebGL to help mitigate the risks.

Relevant Url(s):
<http://www.contextis.com/resources/blog/webgl/>

====
This entry is available at
http://www.us-cert.gov/current/index.html#web_users_warned_to_turn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTclgnT6pPKYJORa3AQIy5AgAr6aGREobV4UGqlP1ATVvehWWoPHdtEjm
jJgWSsm8GXo5jGCK7UZQDm+tm9Ad0VBq0/0eQZM/GO+UC/RRWPjrA2v4AWtUQkRm
AR2z0usWVFbRNHEMB0zRCyU5Iz6Js7lvDmD6TzHPyJ7czYdTHg1lHDUqoJad1BM0
NYYs9DpZZLTTjD5GZX8EVEmySXYtvE55BVT0iQL9VMxnTJAoQZmLPttc6Y/nTV//
GP69tzUiEeb9ZQ0lwiZRzM1gah8ebODbJ5VSNz1PML8qjgOOfPEt2Ayl3RK6zb9p
K4Hlx3UWmt0GI9GSfj4eHUw6/Oc3nyWwAJQxlumxI7jisSW3ScIbGg==
=xuZW
-----END PGP SIGNATURE-----

By Date By Thread

Current thread:

Current Activity - WebGL Security Risks Current Activity (May 10)
- <Possible follow-ups>
- Current Activity - WebGL Security Risks Current Activity (May 16)