Skip to main content

Mozilla spars with Microsoft over WebGL security

WebGL general graphic
Image used with permission by copyright holder

Last week, Microsoft raised some hackles in the Web development community by claiming that there was no way to implement the WebGL open 3D graphics standard in Internet Explorer without exposing users to unacceptable potential security risks.

WebGL is a 3D graphics environment build on OpenGL 2.0, used for many 3D games and technologies, and promises to bring hardware-accellerated 3G graphics support to Web browsers. Google Chrome and Mozilla Firefox already support WebGL, and Opera and Safari are working on support. However, while Microsoft has made many strides with Internet Explorer 9—and is already showing off work on IE10— Internet Explorer offers no support for WebGL.

In a detailed posting, Microsoft outlined its primary reasons for considering WebGL a security risk: that WebGL exposes hardware functionality (e.g. video cards and processing) to Web content in an “overly permissive” way, that WebGL security servicing relies too heavily on third party components, and that today’s graphics systems were never intended to cope with shaders and 3D geometries that are specifically designed as attacks.

“We believe that WebGL will likely become an ongoing source of hard-to-fix vulnerabilities,” Microsoft wrote. “In its current form, WebGL is not a technology Microsoft can endorse from a security perspective.”

Microsoft also cited two reports from Context Information Security that outlined security issued in WebGL.

Not surprisingly, WebGL supporters take issue with Microsoft’s position, and leading the charge for the moment is Mozilla’s VP of technical strategy, Mike Shaver, who notes that Microsoft seems to overcome all of the concerns it has over WebGL in its own Silverlight technology. Although Silverlight uses Microsoft’s own Direct3D technology on Windows, on Mac OS X Silverlight taps into OpenGL in pretty much the same manner as WebGL.

“I suspect that whatever hardening [Microsoft] applied to the low-level D3D API wrapped by Silverlight 3D can be applied to a Microsoft WebGL implementation as well,” Shaver wrote. “That Silverlight supports Mac as well, where these capabilities must be mapped to OpenGL, makes me even more confident.”

Shaver acknowledges security issues in WebGL are real—including bugs that impact Firefox’s WebGL implementation. However, Shaver argues these issues are like security issues in any other technology and are being addressed by a responsible ecosystem of partners and developers.

“It may be that we’re more comfortable living on top of a stack we don’t control all the way to the metal than are OS vendors,” Shaver wrote, “but our conversations with the developers of the drivers in question make us confident that they’re as committed as us and Microsoft to a robust and secure experience for our shared users.”

Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
Best color laser printers for 2024: tested and reviewed
A Brother printer on a counter in front of a brick wall.

The best color laser printers can be a great investment, saving you quite a bit of time and money. For shoppers worried about the long-term ink costs, you'll find color laser printers surprisingly affordable. Laser printers use toner, which lasts a very long time, delivering a low cost per page for monochrome documents and fast color prints. The best color laser printers offer quick performance and reliability to help keep your home office or small business productive.

If you need to scan documents for record-keeping and photo capture or want the convenience of a color copier, an all-in-one color laser printer is an essential tool for your small business or personal use. For a small added cost, you get expanded capabilities. That's why every model on this list is an all-in-one from the best printer brands.

Read more
The 5 best Wi-Fi adapters for PC in 2024
The Ugreen AC1300 Wi-Fi adapter in a desktop PC.

Whether you're designing it yourself or getting a pre-built PC, it can be easy to get a computer and realize that it doesn't have a native Wi-Fi adapter. Or, maybe it does, but you're internet speeds are getting faster, game downloads are getting bigger, you've already upgraded your router and need an adapter to match your newfound power requirements. No matter the situation, an external Wi-Fi adapter that you can add to your PC setup or even laptop setup will be worth your time. Here, we investigate the best Wi-Fi adapters for PC use. Most are incredibly affordable and just snap into a free USB port and start working.
The best Wi-Fi adapter for PC in 2024

Buy the

Read more
How to pin a website to the taskbar in Windows
A man sits, using a laptop running the Windows 11 operating system.

Windows includes many interesting tools, but if you’re like many people, more and more of your digital life is happening in your web browser and nowhere else. That being the case, you’ll want to keep your most important websites close at hand. The easiest way to access them in Windows is the Start menu and the taskbar, treating them more or less like programs in and of themselves.

Although easy overall, getting a website from your browser to your taskbar is slightly different depending on which browser you’re using.

Read more