Описание
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 50.1.0+build2-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [50.1.0+build2-0ubuntu0.14.04.1]] |
| precise | released | 50.1.0+build2-0ubuntu0.12.04.1 |
| trusty | released | 50.1.0+build2-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [50.1.0+build2-0ubuntu0.14.04.1] |
| upstream | released | released 50.1.0 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | released | 50.1.0+build2-0ubuntu0.16.04.1 |
| yakkety | released | 50.1.0+build2-0ubuntu0.16.10.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1:45.7.0+build1-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1:45.7.0+build1-0ubuntu0.14.04.1]] |
| precise | released | 1:45.7.0+build1-0ubuntu0.12.04.1 |
| trusty | released | 1:45.7.0+build1-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [1:45.7.0+build1-0ubuntu0.14.04.1] |
| upstream | needs-triage | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | released | 1:45.7.0+build1-0ubuntu0.16.04.1 |
| yakkety | released | 1:45.7.0+build1-0ubuntu0.16.10.1 |
Показывать по
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
External resources that should be blocked when loaded by SVG images ca ...
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
5 Medium
CVSS2
7.5 High
CVSS3