
As of Palemoon 25.6 a new option is available to
poison canvas data. This option is not enabled by default due to the performance cost. Users can enabled it in about:config by setting canvas.poisondata to true.
This browserleaks page has a technical writeup on how canvas data can be used to generate a fingerprint for a browser using a live example of browser fingerprinting code.