1
Candidate: CVE-2011-2986
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2986
6
Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before
7
2.3, and possibly other products, when the Direct2D (aka D2D) API is used
8
on Windows, allows remote attackers to bypass the Same Origin Policy, and
9
obtain sensitive image data from a different domain, by inserting this data
13
jdstrand> Only Firefox/TBird 5 and Windows only
20
upstream_firefox: released (3.6.20, 6.0)
21
hardy_firefox: ignored (uses system xulrunner)
22
lucid_firefox: ignored
23
maverick_firefox: ignored
24
natty_firefox: released (6.0+build1+nobinonly-0ubuntu0.11.04.1)
25
devel_firefox: not-affected (7.0~b1+build1+nobinonly-0ubuntu1)
27
Patches_xulrunner-1.9.2:
28
upstream_xulrunner-1.9.2: released (1.9.2.20)
29
hardy_xulrunner-1.9.2: ignored (reached end-of-life)
30
lucid_xulrunner-1.9.2: ignored
31
maverick_xulrunner-1.9.2: ignored
32
natty_xulrunner-1.9.2: ignored
33
devel_xulrunner-1.9.2: DNE
35
Patches_xulrunner-2.0:
36
upstream_xulrunner-2.0: needs-triage
37
hardy_xulrunner-2.0: DNE
38
lucid_xulrunner-2.0: DNE
39
maverick_xulrunner-2.0: DNE
40
natty_xulrunner-2.0: ignored
41
devel_xulrunner-2.0: DNE
45
upstream_seamonkey: needs-triage
46
hardy_seamonkey: ignored (reached end-of-life)
47
lucid_seamonkey: ignored
48
maverick_seamonkey: ignored
49
natty_seamonkey: ignored
50
devel_seamonkey: ignored
54
upstream_thunderbird: released (3.1.12)
55
hardy_thunderbird: ignored (reached end-of-life)
56
lucid_thunderbird: ignored
57
maverick_thunderbird: ignored
58
natty_thunderbird: ignored
59
devel_thunderbird: released (6.0~b3+build1+nobinonly-0ubuntu2)