Candidate: CVE-2011-3649
PublicDate: 2011-11-09 11:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3649
Description:
 Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is
 used on Windows in conjunction with the Azure graphics back-end, allow
 remote attackers to bypass the Same Origin Policy, and obtain sensitive
 image data from a different domain, by inserting this data into a canvas.
 NOTE: this issue exists because of a CVE-2011-2986 regression.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: micahg
CVSS:

Patches_firefox:
upstream_firefox: not-affected
hardy_firefox: ignored (reached end-of-life)
lucid_firefox: not-affected
maverick_firefox: ignored (reached end-of-life)
natty_firefox: not-affected
oneiric_firefox: not-affected
precise_firefox: not-affected
devel_firefox: not-affected

Patches_xulrunner-1.9.2:
upstream_xulrunner-1.9.2: needs-triage
hardy_xulrunner-1.9.2: ignored (reached end-of-life)
lucid_xulrunner-1.9.2: ignored (does not process internet content)
maverick_xulrunner-1.9.2: ignored (does not process internet content)
natty_xulrunner-1.9.2: ignored (does not process internet content)
oneiric_xulrunner-1.9.2: DNE
precise_xulrunner-1.9.2: DNE
devel_xulrunner-1.9.2: DNE

Patches_xulrunner-2.0:
upstream_xulrunner-2.0: needs-triage
hardy_xulrunner-2.0: DNE
lucid_xulrunner-2.0: DNE
maverick_xulrunner-2.0: DNE
natty_xulrunner-2.0: ignored (does not process internet content)
oneiric_xulrunner-2.0: DNE
precise_xulrunner-2.0: DNE
devel_xulrunner-2.0: DNE

Patches_seamonkey:
upstream_seamonkey: needs-triage
hardy_seamonkey: ignored (reached end-of-life)
lucid_seamonkey: not-affected
maverick_seamonkey: ignored (reached end-of-life)
natty_seamonkey: not-affected
oneiric_seamonkey: not-affected
precise_seamonkey: DNE
devel_seamonkey: DNE

Patches_thunderbird:
upstream_thunderbird: needs-triage
hardy_thunderbird: ignored (reached end-of-life)
lucid_thunderbird: not-affected
maverick_thunderbird: ignored (reached end-of-life)
natty_thunderbird: not-affected
oneiric_thunderbird: not-affected
precise_thunderbird: not-affected
devel_thunderbird: not-affected