You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2011-50

Mozilla Foundation Security Advisory 2011-50

Title: Cross-origin data theft using canvas and Windows D2D
Impact: High
Announced: November 8, 2011
Reporter: Bas Schouten
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 8.0
  Thunderbird 8.0
  SeaMonkey 2.5

Description

Mozilla developer Bas Schouten reported that the introduction of the "Azure" graphics back-end on Windows in Firefox 7 re-introduced the cross-origin data theft issue reported by nasalislarvatus3000 as described in MFSA 2011-29.

References