Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before before 45.8 :- Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure.