Mozilla Foundation Security Advisory 2011-50

Cross-origin data theft using canvas and Windows D2D

Announced
November 8, 2011
Reporter
Bas Schouten
Impact
High
Products
Firefox, SeaMonkey, Thunderbird
Fixed in
  • Firefox 8
  • SeaMonkey 2.5
  • Thunderbird 8

Description

Mozilla developer Bas Schouten reported that the introduction of the "Azure" graphics back-end on Windows in Firefox 7 re-introduced the cross-origin data theft issue reported by nasalislarvatus3000 as described in MFSA 2011-29.

References