Benoit Jacob 0aff55b5f2
Bug 656277 - Prevent loading WebGL textures from cross-domain images - r=bzbarsky, a=jpr ...
This blocks using cross-domain images and tainted canvases as WebGL textures, in response to a timing attack allowing to get approximations of cross domain images' pixel data.
This is known to break legitimate Web content (e.g. bug 662570), so it's sad to have to land this. In the hopefully near future, a way forward will be implemented allowing affected Web content to resume working: we will allow cross-domain textures that have CORS approval. This is being coordinated with other WebGL implementers on the WebGL mailing lists.
2011-06-07 13:47:54 -04:00
2011-06-07 13:47:54 -04:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2011-06-07 13:47:54 -04:00
2010-10-09 12:44:24 -07:00
2010-10-09 12:44:24 -07:00
2011-03-03 11:02:36 -05:00
2010-11-16 20:33:04 -08:00
2010-08-25 19:09:26 -04:00
2011-03-03 11:02:36 -05:00
2011-05-20 15:53:53 -04:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2010-11-16 20:33:04 -08:00
2011-03-03 11:02:36 -05:00
2010-08-25 19:09:26 -04:00
2010-11-16 20:33:04 -08:00
2010-08-25 19:09:26 -04:00
2010-07-16 10:30:32 -04:00
2011-03-03 11:02:36 -05:00
2010-10-09 12:44:24 -07:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2010-08-25 19:09:26 -04:00
2011-03-03 11:02:36 -05:00
2010-08-25 19:09:26 -04:00
2010-10-09 12:44:24 -07:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2010-10-09 12:44:24 -07:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2010-09-13 08:55:29 -07:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2010-08-25 19:09:26 -04:00
2011-03-03 11:02:36 -05:00
2010-08-25 19:09:26 -04:00
2011-03-03 11:02:36 -05:00
2010-12-22 19:25:48 -08:00
2011-05-24 11:05:56 -04:00
2011-03-03 11:02:36 -05:00
2010-07-16 10:30:32 -04:00
2010-08-25 19:09:26 -04:00
2010-08-25 19:09:26 -04:00
2010-08-25 19:09:26 -04:00
2010-08-25 19:09:26 -04:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2010-07-16 10:30:32 -04:00
2010-11-16 20:33:04 -08:00
2010-10-09 12:44:24 -07:00
2010-07-16 10:30:32 -04:00
2011-03-03 11:02:36 -05:00
2010-08-25 19:09:26 -04:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2011-05-20 15:53:53 -04:00
2011-03-03 11:02:36 -05:00
2011-01-20 17:24:47 -05:00
2010-08-25 19:09:26 -04:00
2011-03-03 11:02:36 -05:00
2010-11-16 20:33:04 -08:00
2011-03-03 11:02:36 -05:00
2010-12-03 14:44:01 -08:00
2011-03-03 11:02:36 -05:00
2010-11-16 20:33:04 -08:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2010-08-25 19:09:26 -04:00
2011-03-03 11:02:36 -05:00
2010-11-16 20:33:04 -08:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2010-08-25 19:09:26 -04:00
2010-09-13 08:56:13 -07:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2010-07-16 10:30:32 -04:00
2010-11-16 20:33:04 -08:00
2011-03-03 11:02:36 -05:00
2010-09-13 08:56:13 -07:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
2011-03-03 11:02:36 -05:00
0aff55b5f2