CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 0.005 Low
EPSS Percentile: 77.4%

Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is
used on Windows in conjunction with the Azure graphics back-end, allow
remote attackers to bypass the Same Origin Policy, and obtain sensitive
image data from a different domain, by inserting this data into a canvas.
NOTE: this issue exists because of a CVE-2011-2986 regression.