Security research firm Context IS discovered that an image from a different domain could be loaded into a WebGL texture, and then each pixel could be rendered into a canvas element with a shader program, creating an approximation of the image in a form that was readable by the creator of the WebGL texture. This could be used to steal image data from a different site and is considered a violation of the same-origin policy.
The WebGL functionality was introduced in the browser engine used by Firefox 4 and SeaMonkey 2.1; the vulnerability does not affect earlier versions.
Vulmon