Is it safe to use this Quake port to HTML5?

One of my skip-level managers, Mark, brings up an interesting story about his youth and how he ported Quake while he was in college. So to make him happy, especially with reviews coming up (Mark, awesome job!), I have been looking into the various Quake ports like the one in this link:

Don’t use it. This port uses WebGL, and WebGL has the following vulnerabilities as of 5/19/2011 (once they are fixed, they fall off):

https://web.nvd.nist.gov/view/vuln/search-results?query=webgl&search_type=all&cves=on

CVE-2011-1300

Summary: The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remote attackers to execute arbitrary code via unspecified vectors, related to an "off-by-three" error.

Published: 04/15/2011

CVSS Severity: 10.0 (HIGH)

CVE-2011-1122

Summary: The WebGL implementation in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, aka Issue 71960.

Published: 03/01/2011

CVSS Severity: 5.0 (MEDIUM)

CVE-2011-1120

Summary: The WebGL implementation in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, aka Issue 71717.

Published: 03/01/2011

CVSS Severity: 5.0 (MEDIUM)

CVE-2010-2645

Summary: Unspecified vulnerability in Google Chrome before 5.0.375.99, when WebGL is used, allows remote attackers to cause a denial of service (out-of-bounds read) via unknown vectors.

Published: 07/06/2010

CVSS Severity: 4.3 (MEDIUM)

CVE-2005-4354

Summary: Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter.

Published: 12/20/2005

CVSS Severity: 4.3 (MEDIUM)

CVE-2005-4328

Summary: Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the ID parameter.

Published: 12/17/2005

CVSS Severity: 4.3 (MEDIUM)
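
To triage a keyword search like the one above, it helps to see which word in each summary matched "webgl" and which "before" version each entry gives for the browser you actually run. The following is an added example, not part of the original post. The summaries are abridged from the entries listed above, and the installed versions passed to `still_affected` are assumptions supplied by the reader.

```python
import re

# Summaries abridged from the search results listed on this page.
ENTRIES = {
    "CVE-2011-1300": "libGLESv2.dll in the WebGLES library in ANGLE, as used in "
                     "Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU "
                     "process in Google Chrome before 10.0.648.205 on Windows",
    "CVE-2011-1122": "The WebGL implementation in Google Chrome before 9.0.597.107",
    "CVE-2011-1120": "The WebGL implementation in Google Chrome before 9.0.597.107",
    "CVE-2010-2645": "Unspecified vulnerability in Google Chrome before 5.0.375.99, "
                     "when WebGL is used",
    "CVE-2005-4354": "XSS in webglimpse.cgi in Webglimpse 2.14.1 and earlier",
    "CVE-2005-4328": "XSS in webglimpse.cgi in Webglimpse 2.14.1 and earlier",
}

def parse_version(text):
    """'10.0.648.205' -> (10, 0, 648, 205) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def fixed_in(summary, product):
    """Return the 'before X' version the summary gives for product, or None."""
    pattern = re.escape(product) + r"(?: \d+\.x)? before (\d+(?:\.\d+)*)"
    match = re.search(pattern, summary)
    return match.group(1) if match else None

def keyword_tokens(summary, keyword="webgl"):
    """Words that made the summary match a substring search for keyword."""
    words = re.findall(r"[\w.]+", summary)
    return sorted({w for w in words if keyword in w.lower()})

def still_affected(product, installed):
    """CVE ids whose fix version for product is newer than the installed one."""
    hits = []
    for cve, summary in ENTRIES.items():
        fix = fixed_in(summary, product)
        if fix and parse_version(installed) < parse_version(fix):
            hits.append(cve)
    return hits

if __name__ == "__main__":
    for cve, summary in ENTRIES.items():
        print(cve, keyword_tokens(summary), fixed_in(summary, "Google Chrome"))
    print(still_affected("Google Chrome", "9.0.597.107"))
```

The check compares version numbers only and ignores qualifiers in the summaries such as "on Windows".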