CVE-2011-2986 (retired)

Priority
Description
Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before
2.3, and possibly other products, when the Direct2D (aka D2D) API is used
on Windows, allows remote attackers to bypass the Same Origin Policy, and
obtain sensitive image data from a different domain, by inserting this data
into a canvas.
Notes
 jdstrand> Only Firefox/TBird 5 and Windows only
Assigned-to
micahg
Package
Upstream:released (3.6.20, 6.0)
Package
Upstream:needs-triage
Package
Upstream:released (3.1.12)
Package
Upstream:released (1.9.2.20)
Package
Upstream:needs-triage
More Information

Updated: 2019-08-23 08:44:05 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)