Mozilla Foundation Security Advisory 2011-50
Cross-origin data theft using canvas and Windows D2D
- Announced
- November 8, 2011
- Reporter
- Bas Schouten
- Impact
- High
- Products
- Firefox, SeaMonkey, Thunderbird
- Fixed in
-
- Firefox 8
- SeaMonkey 2.5
- Thunderbird 8
Description
Mozilla developer Bas Schouten reported that the
introduction of the "Azure" graphics back-end on Windows in Firefox 7
re-introduced the cross-origin data theft issue reported by
nasalislarvatus3000 as described in
MFSA 2011-29.
References