Mozilla Foundation Security Advisory 2011-50
Title: Cross-origin data theft using canvas and Windows D2D
Announced: November 8, 2011
Reporter: Bas Schouten
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 8.0
Mozilla developer Bas Schouten reported that the introduction of the "Azure" graphics back-end on Windows in Firefox 7 re-introduced the cross-origin data theft issue reported by nasalislarvatus3000 as described in MFSA 2011-29.