Platform/GFX/WebGL-Security-2011-10-28
- Patterns of WebGL exploits so far (Benoit)
  - More details were sent to security-group on June 29 and October 28.
  - Pattern A (Relying on a particular GL state, forgetting that scripts can change it)
    - June 29 review: Bug 659349
    - October 28 review: no new bugs in this category
  - Pattern B (Mistake when keeping track of GL state)
    - June 29 review: Bug 656752, Bug 665070
    - October 28 review: Bug 665070
  - Pattern C (Timing attacks)
    - June 29 review: Bug 656277
    - October 28 review: no new bugs in this category
  - Pattern D (Driver bugs)
    - Type 1: Can be worked around.
      - June 29 review: Bug 631420, Bug 657201
      - October 28 review: Bug 665578, Bug 658826, Bug 684882, Bug 675625, Bug 674042
    - Type 2: Can be blacklisted. Tons of examples.
    - Type 3: Ones we ignore for now because extensive DoS mitigations are not available.
  - Pattern E (Implementation bugs that are not at all GL-specific)
    - June 29 review: Bug 648705 in our WebGL implementation; Bug 665934 in ANGLE.
    - October 28 review: Bug 686398, Bug 685793, Bug 682335 in our WebGL implementation; Bug 680840, Bug 665936 in ANGLE.