Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:24316
HistoryJul 24, 2010 - 12:00 a.m.

Mozilla Foundation Security Advisory 2010-43

2010-07-2400:00:00
vulners.com
25

Mozilla Foundation Security Advisory 2010-43

Title: Same-origin bypass using canvas context
Impact: High
Announced: July 20, 2010
Reporter: Vladimir Vukicevic
Products: Firefox, Thunderbird

Fixed in: Firefox 3.6.7
Thunderbird 3.1.1
Description

Mozilla developer Vladimir Vukicevic reported that a canvas element can be used to read data from another site, violating the same-origin policy. The read restriction placed on a canvas element which has had cross-origin data rendered into it can be bypassed by retaining a reference to the canvas element's context and deleting the associated canvas node from the DOM.
References

* https://bugzilla.mozilla.org/show_bug.cgi?id=571287
* CVE-2010-1207