Nasalislarvatus3000

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox version 7.0 Thunderbird version 7.0 **Description** The issue allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data from a different domain by inserting this data into a canvas when the Direct2D API is used on Windows in conjunction with the Azure graphics back-end. **Recommendations** For Mozilla Firefox version 7.0, update to a version that includes a fix for this regression issue. For Thunderbird version 7.0, update to a version that includes a fix for this regression issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 4.x through 5 Thunderbird versions prior to 6 SeaMonkey versions 2.x prior to 2.3 **Description** The issue allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data from a different domain by inserting this data into a canvas when the Direct2D API is used on Windows. **Recommendations** For Mozilla Firefox versions 4.x through 5, update to a version that does not use the vulnerable Direct2D API or apply a configuration change to restrict the use of this API. For Thunderbird versions prior to 6, update to version 6 or later to resolve the issue. For SeaMonkey versions 2.x prior to 2.3, update to version 2.3 or later to fix the problem.