Описание
While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel attacks on the text by using specially crafted fonts could have lead to this text being inferred by the webpage. This vulnerability affects Firefox < 98.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 98.0+build3-0ubuntu0.18.04.2 |
| devel | released | 1:1snap1-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | released | 98.0+build3-0ubuntu0.20.04.2 |
| impish | released | 98.0+build3-0ubuntu0.21.10.2 |
| jammy | released | 1:1snap1-0ubuntu1 |
| kinetic | released | 1:1snap1-0ubuntu1 |
| lunar | released | 1:1snap1-0ubuntu1 |
| trusty | ignored | end of standard support |
Показывать по
EPSS
4.3 Medium
CVSS3
Связанные уязвимости
While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel attacks on the text by using specially crafted fonts could have lead to this text being inferred by the webpage. This vulnerability affects Firefox < 98.
While the text displayed in Autofill tooltips cannot be directly read ...
While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel attacks on the text by using specially crafted fonts could have lead to this text being inferred by the webpage. This vulnerability affects Firefox < 98.
Уязвимость браузера Mozilla Firefox, связанная с отсутствием защиты служебных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
4.3 Medium
CVSS3