Image stealing via canvas and HTTP redirect
- November 12, 2008
- Georgi Guninski, Michal Zalewski, Chris Evans
- Firefox, SeaMonkey, Thunderbird
- Fixed in
- Firefox 22.214.171.124
- SeaMonkey 1.1.13
- Thunderbird 126.96.36.199
Mozilla developer Georgi Guninski reported that the canvas element could be used in conjunction with an HTTP redirect to bypass same-origin restrictions and gain access to the content in arbitrary images from other domains. This vulnerability could be used by an attacker to steal private information from a victim who is logged into a website that stores the data in images.
Security researchers Michal Zalewski and Chris Evans also reported an additional threat caused by this vulnerability in which an attacker can enumerate the software installed on a victim's computer by using moz-icon as the redirection target.
Firefox 3 is not affected by this issue.