Lucene search

K
prionPRIOn knowledge basePRION:CVE-2017-5407
HistoryJun 11, 2018 - 9:29 p.m.

Information disclosure

2018-06-1121:29:00
PRIOn knowledge base
www.prio-n.com
4

6.3 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.5%

Using SVG filters that don’t use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.