Metric | Value |
---|---|
CVSS2 score | 5 Medium |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
CVSS2 vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
EPSS | 0.005 Low |
EPSS percentile | 77.2% |

Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before
2.3, and possibly other products, when the Direct2D (aka D2D) API is used
on Windows, allows remote attackers to bypass the Same Origin Policy, and
obtain sensitive image data from a different domain, by inserting this data
into a canvas.
Author | Note |
---|---|
jdstrand | Only Firefox/TBird 5 and Windows only |