Security Advisory

CVE-2011-2986

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published: 2011-08-18 18:00:00
Last updated: 2024-08-06 23:22:26
Assigner: mitre
State: PUBLISHED

Description

Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas.