firefox is vulnerable to information disclosure. When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage
function takes a variable amount of time depending on the content of the underlying image. This can result in potential cross-origin information exposure of image content through timing side-channel attacks.