CVE-2011-2986

Priority
Description
Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before
2.3, and possibly other products, when the Direct2D (aka D2D) API is used
on Windows, allows remote attackers to bypass the Same Origin Policy, and
obtain sensitive image data from a different domain, by inserting this data
into a canvas.
Notes
 jdstrand> Only Firefox/TBird 5 and Windows only
Assigned-to
micahg
Package
Upstream:released (3.6.20, 6.0)
Package
Upstream:needs-triage
Package
Upstream:released (3.1.12)
Package
Upstream:released (1.9.2.20)
Package
Upstream:needs-triage
More Information

Updated: 2019-01-14 21:58:46 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)