The host is installed with Mozilla Firefox before 5.0 or Mozilla Seamonkey before 2.1 and is prone to an improper input validation vulnerability. A flaw is present in the applications, which fail to handle issues in the cross-domain image as a WebGL texture. Successful exploitation could allow remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.