CVE-2019-9817

Summary

Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

Affected Software

VendorProductVersion RangeStatus
MozillaThunderbirdunspecified < 60.7affected
MozillaFirefoxunspecified < 67affected
MozillaFirefox ESRunspecified < 60.7affected

Weaknesses

  • Stealing of cross-domain images using canvas

ADP Enrichment

CVE Program Container

Additional References

References