The host is installed with Mozilla Firefox 7.0 or Thunderbird 7.0 and is prone to cross-origin information disclosure vulnerability. A flaw is present in the applications, which fail to handle Direct2D (aka D2D) API when used in in conjunction with the Azure graphics back-end. Successful exploitation allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas.