Mozilla Firefox prior to 3.6.7 and Thunderbird prior to 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote malicious users to obtain sensitive cross-origin information via vectors involving reference retention and node deletion.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 3.6 |
||
mozilla firefox 3.6.2 |
||
mozilla firefox 3.6.4 |
||
mozilla firefox |
||
mozilla firefox 3.6.3 |
||
mozilla thunderbird |