search

amq / firefox-debloat

Stop Firefox leaking data about you
MIT License
871 stars 50 forks source link

Recommendation to disable WebGL #9

Open orchid-hybrid opened 9 years ago

orchid-hybrid commented 9 years ago

Recommend disabling WebGL for security purposes:

see also my mailing list post: http://lists.gnu.org/archive/html/bug-gnuzilla/2015-06/msg00005.html

amq commented 9 years ago

Microsoft added WebGL in Edge:

https://blogs.windows.com/msedgedev/2015/04/29/introducing-microsoft-edge-the-browser-built-for-windows-10/

http://blogs.windows.com/msedgedev/2015/05/07/bringing-asm-js-to-chakra-microsoft-edge/

It looks like the only security vulnerability discovered to time has been fixed in WebGL spec 1.0.1 (denial of service issue is yet to be fixed) as described here:

https://www.khronos.org/webgl/security/