Lucene search

K
mozillaMozilla FoundationMFSA2013-55
HistoryJun 25, 2013 - 12:00 a.m.

SVG filters can lead to information disclosure — Mozilla

2013-06-2500:00:00
Mozilla Foundation
www.mozilla.org
23

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.02 Low

EPSS

Percentile

88.8%

Security researcher Paul Stone of Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read. This could potentially allow for text values to be read across domains, leading to information disclosure.

Affected configurations

Vulners
Node
mozillafirefoxRange<22
OR
mozillafirefox_esrRange<17.0.7
OR
mozillaseamonkeyRange<2.19
OR
mozillathunderbirdRange<17.0.7
OR
mozillathunderbird_esrRange<17.0.7

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.02 Low

EPSS

Percentile

88.8%