Описание
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 28.0+build2-0ubuntu1 |
| lucid | ignored | end of life |
| precise | released | 28.0+build2-0ubuntu0.12.04.1 |
| quantal | released | 28.0+build2-0ubuntu0.12.10.1 |
| saucy | released | 28.0+build2-0ubuntu0.13.10.1 |
| upstream | released | 28.0 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1:24.4.0+build1-0ubuntu1 |
| lucid | ignored | end of life |
| precise | released | 1:24.4.0+build1-0ubuntu0.12.04.1 |
| quantal | released | 1:24.4.0+build1-0ubuntu0.12.10.1 |
| saucy | released | 1:24.4.0+build1-0ubuntu0.13.10.2 |
| upstream | released | 24.4.0 |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693.
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693.
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ...
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693.
Уязвимость пакета программ Mozilla SeaMonkey, позволяющая злоумышленнику получить доступ к конфиденциальной информации
EPSS
5 Medium
CVSS2
7.5 High
CVSS3