Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-11742

Опубликовано: 03 сент. 2019
Источник: redhat
CVSS3: 6.5

Описание

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.

Отчет

In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it may present a risk in browser-like contexts.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5firefoxOut of support scope
Red Hat Enterprise Linux 5thunderbirdOut of support scope
Red Hat Enterprise Linux 6firefoxFixedRHSA-2019:269412.09.2019
Red Hat Enterprise Linux 6thunderbirdFixedRHSA-2019:280719.09.2019
Red Hat Enterprise Linux 7firefoxFixedRHSA-2019:272912.09.2019
Red Hat Enterprise Linux 7thunderbirdFixedRHSA-2019:277319.09.2019
Red Hat Enterprise Linux 8firefoxFixedRHSA-2019:266304.09.2019
Red Hat Enterprise Linux 8thunderbirdFixedRHSA-2019:277416.09.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-829
https://bugzilla.redhat.com/show_bug.cgi?id=1748653Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-11742

CVSS3: 6.5
ubuntu
около 6 лет назад

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a &lt;canvas&gt; element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.

nvd логотип

CVE-2019-11742

CVSS3: 6.5
nvd
около 6 лет назад

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a &lt;canvas&gt; element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.

debian логотип

CVE-2019-11742

CVSS3: 6.5
debian
около 6 лет назад

A same-origin policy violation occurs allowing the theft of cross-orig ...

github логотип

GHSA-vcf4-987q-qj6p

CVSS3: 6.5
github
больше 3 лет назад

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a &lt;canvas&gt; element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.

fstec логотип

BDU:2020-01396

CVSS3: 6.5
fstec
около 6 лет назад

Уязвимость веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с включением функциональности из ненадежной управляющей сферы, позволяющая нарушителю оказать воздействие на целостность данных

6.5 Medium

CVSS3