A security hole has been discovered in the WebGL implementation of Firefox 4 by the British security researchers at Context Information Security. The researchers have been continuing their previous work looking for flaws in WebGL and have found they can perform a "memory stealing" attack using WebGL.
This approach allows an attacker to create and save screenshots of what the browser has displayed. This includes all data, not just WebGL content. In their proof of concept, the researchers manage to extract "snapshots" of the graphics card's memory that was previously used to display web pages. The vulnerability is specific to the WebGL implementation in Firefox 4 and does not occur in Google Chrome.

The link for this article located at H Security is no longer available.