Mozilla Firefox 69, Mozilla Firefox ESR 68.1 and Mozilla Thunderbird 68.1 : A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <code><canvas></code> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft.