Mozilla Foundation Security Advisory 2008-48

Image stealing via canvas and HTTP redirect

Announced
November 12, 2008
Reporter
Georgi Guninski, Michal Zalewski, Chris Evans
Impact
High
Products
Firefox, SeaMonkey, Thunderbird
Fixed in
  • Firefox 2.0.0.18
  • SeaMonkey 1.1.13
  • Thunderbird 2.0.0.18

Description

Mozilla developer Georgi Guninski reported that the canvas element could be used in conjunction with an HTTP redirect to bypass same-origin restrictions and gain access to the content in arbitrary images from other domains. This vulnerability could be used by an attacker to steal private information from a victim who is logged into a website that stores the data in images.

Security researchers Michal Zalewski and Chris Evans also reported an additional threat caused by this vulnerability in which an attacker can enumerate the software installed on a victim's computer by using moz-icon as the redirection target.

Firefox 3 is not affected by this issue.

References