Note:
This project will be discontinued after December 13, 2021. [more]
2019-07-23
Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
Products | Firefox, Firefox_esr, Thunderbird |
Type | Origin Validation Error (CWE-346) |
First patch | - None (likely due to unavailable code) |
Links |
• https://bugzilla.mozilla.org/show_bug.cgi?id=1540221
• https://www.mozilla.org/security/advisories/mfsa2019-14/ • https://www.mozilla.org/security/advisories/mfsa2019-15/ • https://www.mozilla.org/security/advisories/mfsa2019-13/ |