Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 67.0 | |
firefox_esr | lt | 60.7 | |
thunderbird | lt | 60.7 |