A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 999 | all | firefox | < 69.0-1 | firefox_69.0-1_all.deb |
Debian | 12 | all | firefox-esr | < 68.1.0esr-1 | firefox-esr_68.1.0esr-1_all.deb |
Debian | 11 | all | firefox-esr | < 68.1.0esr-1 | firefox-esr_68.1.0esr-1_all.deb |
Debian | 10 | all | firefox-esr | < 60.9.0esr-1~deb10u1 | firefox-esr_60.9.0esr-1~deb10u1_all.deb |
Debian | 999 | all | firefox-esr | < 68.1.0esr-1 | firefox-esr_68.1.0esr-1_all.deb |
Debian | 13 | all | firefox-esr | < 68.1.0esr-1 | firefox-esr_68.1.0esr-1_all.deb |
Debian | 12 | all | thunderbird | < 1:60.9.0-1 | thunderbird_1:60.9.0-1_all.deb |
Debian | 11 | all | thunderbird | < 1:60.9.0-1 | thunderbird_1:60.9.0-1_all.deb |
Debian | 10 | all | thunderbird | < 1:60.9.0-1~deb10u1 | thunderbird_1:60.9.0-1~deb10u1_all.deb |
Debian | 999 | all | thunderbird | < 1:60.9.0-1 | thunderbird_1:60.9.0-1_all.deb |