Place Canvas MediaStream behind site permission
The Canvas is specified as a potential MediaStream source, to allow live video capture of Canvas data by Javascript. This is a fingerprinting risk, and should be placed behind our Canvas site permission.
https://dvcs.w3.org/hg/audio/raw-file/tip/streams/StreamProcessing.html#canvas-recording
Apparently support for this has not yet been added to Firefox, but they are currently working on landing it. Adding the ff45-esr tag accordingly.