CVE-2011-3649

Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. NOTE: this issue exists because of a CVE-2011-2986 regression.

Date published: 2011-11-09

http://www.securityfocus.com/bid/50591

http://www.mozilla.org/security/announce/2011/mfsa2011-50.html