Mozilla rejects Microsoft's WebGL criticism
Mozilla's VP of Technical Strategy, Mike Shaver, has rejected Microsoft's criticism of WebGL, in which it said it would not implement the 3D graphics standard because of security issues in the design. Shaver says that "there is no question that the web needs 3D capabilities" to enable developers to create "advanced visualisations, games or new user interfaces" and points at Molehill (Adobe's 3D for Flash) and Microsoft's Silverlight 3D, which are offering just those capabilities.
Shaver says that parts of the application stack, such as font engines, video codecs and image libraries, have been exposed in the past when new capabilities have been added and that these new threats were then "modelled, understood and mitigated". Pointing out mitigation strategies already built into Mozilla's Firefox stack – such as drivers being blocked if they are not on a whitelist and shader code being checked for validity – he believes that these, and future extensions, will make the WebGL platform more robust.
"It may be that we’re more comfortable living on top of a stack we don’t control all the way to the metal than are OS vendors", says Shaver in closing, "but our conversations with the developers of the drivers in question make us confident that they’re as committed as us and Microsoft to a robust and secure experience for our shared users".
Microsoft's decision was also criticised by one Microsoft employee, Avi Bar-Zeev, a principal architect at the company, who asked in a blog posting why the company would "run away from that challenge with such an alarmist attitude of 'shut it off, shut it off, it might hurt me!'". Bar-Zeev believes Microsoft should face the challenge head on and draws a parallel with how Microsoft handled ActiveX vulnerabilities, saying "Somehow we survived the existential threat of native code plugins taking over our PCs, or at least we made it through alive".
- Hole found in Firefox 4 WebGL implementation, a report from The H.
- Mozilla disables Firefox 5 WebGL's cross domain textures, a report from The H.
- Khronos respond to WebGL security report, a report from The H.
- WebGL as a security problem, a report from The H.