38 строки
1.3 KiB
Markdown
38 строки
1.3 KiB
Markdown
---
|
|
announced: November 12, 2008
|
|
fixed_in:
|
|
- Firefox 2.0.0.18
|
|
- Thunderbird 2.0.0.18
|
|
- SeaMonkey 1.1.13
|
|
impact: High
|
|
reporter: Georgi Guninski, Michal Zalewski, Chris Evans
|
|
title: Image stealing via canvas and HTTP redirect
|
|
---
|
|
|
|
<h3>Description</h3>
|
|
|
|
<p>Mozilla developer <strong>Georgi Guninski</strong> reported that
|
|
the canvas element could be used in conjunction with an HTTP redirect
|
|
to bypass same-origin restrictions and gain access to the content in
|
|
arbitrary images from other domains. This vulnerability could be used
|
|
by an attacker to steal private information from a victim who is
|
|
logged into a website that stores the data in images.</p>
|
|
|
|
<p>Security researchers <strong>Michal Zalewski</strong>
|
|
and <strong>Chris Evans</strong> also reported an additional threat
|
|
caused by this vulnerability in which an attacker can enumerate the
|
|
software installed on a victim's computer by using moz-icon as the
|
|
redirection target.</p>
|
|
|
|
<p class="note">Firefox 3 is not affected by this issue.</p>
|
|
|
|
<h3>References</h3>
|
|
|
|
<ul>
|
|
<li><a href="https://bugzilla.mozilla.org/buglist.cgi?bug_id=451619,355126">Image stealing via canvas and HTTP redirect</a></li>
|
|
<li><a class="ex-ref" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5012">CVE-2008-5012</a></li>
|
|
</ul>
|
|
|
|
|
|
|