On 9/7/12 5:42 PM, NoOp wrote:
> On 09/07/2012 04:46 PM, David E. Ross wrote:
>> On 9/7/12 3:30 PM, Chris Ilias wrote:
>>> On 12-09-07 9:34 AM, hawker wrote:
>>>> I see Google has a new map system called MapsGL.
>>>>
>>>> When I try to use it in Seamonkey 2.11 it says my browser is not
>>>> supported.  Under supported browsers it lists Firefox going back a ways
>>>> (version 8) so Seamonkey should work as well.
>>>>
>>>> I understand Seamonkey now advertises itself as Firefox, so can anyone
>>>> tell me why this is not working and what to do to make it work?
>>>
>>> MapsGL uses WebGL, which requires support from both the browser and your 
>>> graphics card.
>>> WebGL support was added in SeaMonkey 2.1.
>>> We can get more info about your graphics card and whether or not it supports
>>> WebGL if you post your Troubleshooting Information. Go to 
>>> Help-->Troubleshooting_Information, then click [Copy all to Clipboard]. 
>>> Open a reply to this post, and go to Edit-->Paste to paste the info from 
>>> your Troubleshooting Information page.
>>>
>>
>> From US-CERT at
>> <http://www.us-cert.gov/current/archive/2011/05/19/archive.html#web_users_warned_to_turn>:
>>
>>> WebGL Security Risks added May 11, 2011 at 01:50 pm | updated May 16,
>>> 2011 at 10:20 am
>>>
>>> US-CERT is aware of reports indicating that WebGL contains multiple
>>> significant security issues. The impact of these issues includes
>>> denial of service, and cross-domain attacks. WebGL is a new web
>>> standard that is enabled by default in Firefox 4 and Google Chrome
>>> and is included in Safari.
>>>
>>> US-CERT encourages users and administrators to review the Context
>>> report and update their systems as necessary to help mitigate the risks.
>> [Context report is at <http://www.contextis.com/resources/blog/webgl/>]
>>
>> Thus, I disabled WebGL.  I have seen no notice of this vulnerability
>> being fixed.
>>
> 
> You might want to add this URL:
> <https://www.mozilla.org/security/announce/2012/mfsa2012-62.html>
> Title: WebGL use-after-free and memory corruption
> Impact: Critical
> Announced: August 28, 2012
> Reporter: miaubiz
> Products: Firefox, Thunderbird, SeaMonkey
> 
> Fixed in: Firefox 15
>   Firefox ESR 10.0.7
>   Thunderbird 15
>   Thunderbird ESR 10.0.7
>   SeaMonkey 2.12
> 
> Perhaps 'hawker' will consider upgrading to SeaMonkey 2.12 from 2.11 -
> at least for the WebGL security fix?
> 
> 
> 

Mozilla Foundation Security Advisory 2012-62 is not the same as the
vulnerability cited by US-CERT.

Advisory 2012-62 says:
> The first issue is a use-after-free when WebGL shaders are called
> after being destroyed. The second issue exposes a problem with Mesa
> drivers on Linux, leading to a potentially exploitable crash.  
It refers to two CVEs (CVE-2012-3967 and CVE-2012-3968) that were both
submitted to the Common Vulnerabilities and Exposures List within the
past two months.

The US-CERT vulnerability was reported more than a year ago and deals
with denial of service through crashes and cross-domain attacks.  These
appear to be CVE-2011-2366 (fixed with bug #655987) and
CVE-2011-2367 (fixed with bug #656752).

Despite the fix of the vulnerabilities noted by US-CERT and those noted
in Advisory 2012-62, there remain 214 open WebGL bugs, 29 of them
Critical and 7 of them Major.  Thus, I will continue to disable WebGL.

-- 

David E. Ross
<http://www.rossde.com/>

Anyone who thinks government owns a monopoly on inefficient, obstructive
bureaucracy has obviously never worked for a large corporation.
© 1997 by David E. Ross