Firefox, Chrome, Opera & Safari users beaware

Started by Glenn, May 11, 2011, 17:04:05

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Glenn

The US Computer Emergency Readiness Team is advising users of the Mozilla Firefox and Google Chrome browsers to disable a recently added graphics engine that can be exploited to take control of end user computers.

The web standard known as WebGL opens the browsers to serious attacks, including the remote execution of malicious code, independent research consultancy Context Information Security recently warned. The technology made its debut in version 9 of Chrome and was added to the recently released Firefox 4. WebGL is also present in builds of Opera and Apple's Safari.

http://www.theregister.co.uk/2011/05/11/chrome_firefox_security_threat/
Glenn
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Technical Ben

More plugins external to HTML with vulnerabilities? Did ActiveX teach them nothing?
I use to have a signature, then it all changed to chip and pin.

Rik

Apparently not, Ben. Makes you despair, doesn't it.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Steve

All browsers are dangerous, read a book or a newspaper. >:D It's all getting bloody ridiculous,they'll be saying smoking's dangerous soon.
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

Rik

 ;D

I can remember a time when doctors thought it was beneficial, Steve.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

gizmo71

Quote from: Rik on May 11, 2011, 18:41:53
I can remember a time when doctors thought it was beneficial, Steve.

Red wine still is though, isn't it? :fingers:
SimRacing.org.uk Director General | Team Shark Online Racing - on the podium since 1993
Up the Mariners!

Steve

Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

Rik

The next academic looking to make their name with some dubious piece of research.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Steve

Back to topic at least with Safari you have to enable it whereas as with FF4 and Chrome it's enabled by default I believe .
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

DorsetBoy

WebGL is NOT in the current stable release of Opera despite what they say here, there is a preview release available of Opera/WebGL but you have nothing to worry about unless you have downloaded this preview.

Why are developers using this system in any browser when there have been flaws known and warnings previously given?

Technical Ben

Quote from: gizmo71 on May 11, 2011, 18:44:26
Red wine still is though, isn't it? :fingers:
Depends if you remember to take it out of the bottle before trying to consume it.
I use to have a signature, then it all changed to chip and pin.

Lance

Lance
_____

This post reflects my own views, opinions and experience, not those of IDNet.

esh

Internet identified as security threat. Lock up your computers! News at 11.
CompuServe 28.8k/33.6k 1994-1998, BT 56k 1998-2001, NTL Cable 512k 2001-2004, 2x F2S 1M 2004-2008, IDNet 8M 2008 - LLU 11M 2011

Den

Mr Music Man.

Steve

#15
If anyone wants to see some WebGL here's a few examples - http://www.chromeexperiments.com/webgl/ I can confirm it's no go with Safari but they do work on FF4 and Chrome.

If you wish to disable it

"In Firefox 4, type "about:config" (minus the quotes) into the address bar and set webgl.disabled to true. In Chrome, get to the command line of your operating system and add the --disable-webgl flag to the Chrome command. On a Windows machine, the command line would be "chrome.exe --disable-webgl".


http://www.theregister.co.uk/2011/05/11/chrome_firefox_security_threat/
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

gizmo71

I explicitly turned it off in FireFox, but their example page didn't work before I did that, which suggests they aren't as clever as they think they are.

Reading the details of the exploit it's pretty noddy stuff, not good but hardly a full on remote code execution issue.

Flash is far more scary! >:D
SimRacing.org.uk Director General | Team Shark Online Racing - on the podium since 1993
Up the Mariners!

Gary

Quote from: Steve on May 11, 2011, 18:52:58
Back to topic at least with Safari you have to enable it whereas as with FF4 and Chrome it's enabled by default I believe .
Very true, shame Safari was the first browser to fall in the pwn2own contest though  :whistle:  ;)
Damned, if you do damned if you don't

Technical Ben

Quote from: Lance on May 11, 2011, 22:42:17
Time to start using IE 9!!!

IE 10 must be the safest so far though right?  :whistle:
I use to have a signature, then it all changed to chip and pin.