Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-kws9-mf7a-syh8
Vulnerability ID VCID-kws9-mf7a-syh8
Aliases CVE-2008-5012
Summary Mozilla developer Georgi Guninski reported that the canvas element could be used in conjunction with an HTTP redirect to bypass same-origin restrictions and gain access to the content in arbitrary images from other domains. This vulnerability could be used by an attacker to steal private information from a victim who is logged into a website that stores the data in images.Security researchers Michal Zalewski and Chris Evans also reported an additional threat caused by this vulnerability in which an attacker can enumerate the software installed on a victim's computer by using moz-icon as the redirection target.Firefox 3 is not affected by this issue.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.05969 https://api.first.org/data/v1/epss?cve=CVE-2008-5012
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2008-48
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5012.json
https://api.first.org/data/v1/epss?cve=CVE-2008-5012
470864 https://bugzilla.redhat.com/show_bug.cgi?id=470864
CVE-2008-5012 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5012
GLSA-201301-01 https://security.gentoo.org/glsa/201301-01
mfsa2008-48 https://www.mozilla.org/en-US/security/advisories/mfsa2008-48
RHSA-2008:0976 https://access.redhat.com/errata/RHSA-2008:0976
RHSA-2008:0977 https://access.redhat.com/errata/RHSA-2008:0977
USN-667-1 https://usn.ubuntu.com/667-1/
USN-668-1 https://usn.ubuntu.com/668-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.90796
EPSS Score 0.05969
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T08:27:32.007958+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2008/mfsa2008-48.md 38.6.0