Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
The product does not properly verify that the source of data or communication is valid.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | * | 67.0 (excluding) |
Firefox_esr | Mozilla | * | 60.7 (excluding) |
Thunderbird | Mozilla | * | 60.7 (excluding) |