no one cares

Chris Evans wrote:
> Hi,
>
> Firefox 2.0.0.18 fixes a cross-domain theft of image data. Firefox 3
> unaffected. It's another interesting case where a redirector confuses
> the browser about the true origin of a piece of content. If evil.org
> hosts a redirector, e.g. evil.org/redir, and an image is loaded via
> this redirector, the image will be treated as a same-domain image. In
> this event, the image pixel data may easily be stolen by rendering the
> image to a canvas and using the getImageData() JavaScript API.
>
> Advisory: http://scary.beasts.org/security/CESA-2008-009.html
>
> Blog post:
> http://scarybeastsecurity.blogspot.com/2008/11/firefox-cross-domain-image-theft-and.html
>
> Cheers
> Chris
> ------------------------------------------------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
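The origin confusion described in the quoted advisory, as an added example that is not part of the original thread and is not Firefox source code: a simplified model of canvas tainting that compares deciding an image's origin from the requested URL with deciding it from the URL reached after redirects. The hostnames, redirect table, and all function and class names are constructed assumptions.

```javascript
// Simplified model of canvas origin tainting (added example, not Firefox code).
// Hostnames and the redirect table are constructed for illustration.
const REDIRECTS = new Map([
  ["http://evil.example/redir", "http://victim.example/private.png"],
]);

const originOf = (url) => new URL(url).origin;

// Follow the constructed redirect table to the URL that served the image bytes.
function resolveFinalUrl(url, maxHops = 5) {
  let current = url;
  for (let hop = 0; hop <= maxHops; hop++) {
    if (!REDIRECTS.has(current)) return current;
    current = REDIRECTS.get(current);
  }
  throw new Error("too many redirects");
}

// Flawed policy: trusts the URL the page asked for, so a redirector
// on the page's own host makes a foreign image look same-origin.
const originFromRequestedUrl = (url) => originOf(url);

// Corrected policy: uses the URL the image data finally came from.
const originFromFinalUrl = (url) => originOf(resolveFinalUrl(url));

class ModelCanvas {
  constructor(documentUrl, imageOriginPolicy) {
    this.documentOrigin = originOf(documentUrl);
    this.imageOriginPolicy = imageOriginPolicy;
    this.originClean = true; // cleared once cross-origin pixels are drawn
  }
  drawImage(imageUrl) {
    if (this.imageOriginPolicy(imageUrl) !== this.documentOrigin) {
      this.originClean = false;
    }
  }
  getImageData() {
    if (!this.originClean) throw new Error("SecurityError: canvas is tainted");
    return "pixel data";
  }
}

// True when the page at documentUrl can read back pixels of imageUrl.
function canReadPixels(imageOriginPolicy, documentUrl, imageUrl) {
  const canvas = new ModelCanvas(documentUrl, imageOriginPolicy);
  canvas.drawImage(imageUrl);
  try { canvas.getImageData(); return true; } catch (e) { return false; }
}
```

With the flawed policy the redirected image leaves the canvas readable; with the corrected policy the same draw taints the canvas and `getImageData()` throws.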
