Mozilla Foundation Security Advisory 2008-48
Title: Image stealing via canvas and HTTP redirect
Announced: November 12, 2008
Reporter: Georgi Guninski, Michal Zalewski, Chris Evans
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 184.108.40.206
Mozilla developer Georgi Guninski reported that the canvas element could be used in conjunction with an HTTP redirect to bypass same-origin restrictions and gain access to the content in arbitrary images from other domains. This vulnerability could be used by an attacker to steal private information from a victim who is logged into a website that stores the data in images.
Security researchers Michal Zalewski and Chris Evans also reported an additional threat caused by this vulnerability in which an attacker can enumerate the software installed on a victim's computer by using moz-icon as the redirection target.
Firefox 3 is not affected by this issue.