This is very odd.
I'm using 1.17pr2 now and the problem still persists in IE11 + HTML5/webgl loading from Amazon S3/CORS. Flash + CORS + IE11 working fine of course. Ipad/Iphone + CORS is working fine. Just the bloody IE11 + CORS + WebGL.
Perhaps still something on my end in .htaacess or CORS rules? What declaration statements, obel, are you using?
Something similar to...
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header set Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"