Lucene search
K

123 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:29 a.m.1 views

SUSE CVE-2014-3173

The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service read of uninitialized memory via a crafted CANVAS element, related to...

5CVSS8.5AI score0.01585EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:25 a.m.1 views

SUSE CVE-2014-8637

Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element...

5CVSS8.3AI score0.0217EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2023/02/15 5:17 a.m.3 views

SUSE CVE-2015-4497

Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets CSS toke...

10CVSS9.1AI score0.08007EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 5:14 a.m.3 views

SUSE CVE-2015-7189

Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow via vectors involving a CANVAS element and crafted JavaScript code...

6.8CVSS7.9AI score0.0311EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 4:12 a.m.4 views

SUSE CVE-2019-11742

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...

7.5CVSS8.4AI score0.01692EPSS
Exploits0References17
OpenVAS
OpenVAS
added 2021/11/11 12:0 a.m.24 views

Mozilla Firefox Security Advisory (MFSA2015-94) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

10CVSS9.5AI score0.08007EPSS
Exploits0References4
Veracode
Veracode
added 2020/04/10 12:53 a.m.42 views

Same Origin Policy Bypass

WebKitGTK+ is vulnerable to same origin policy bypass. It was found that WebKit did not correctly restrict read access to images created from the "canvas" element. Malicious web content could allow a remote attacker to bypass the same-origin policy and potentially access sensitive image data...

4.3CVSS4.3AI score0.016EPSS
Exploits0References24Affected Software1
RedhatCVE
RedhatCVE
added 2020/03/30 8:7 a.m.28 views

CVE-2019-11742

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...

6.5CVSS3.4AI score0.01692EPSS
Exploits0References4
NVD
NVD
added 2019/09/27 6:15 p.m.18 views

CVE-2019-11742

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...

6.5CVSS6.6AI score0.01692EPSS
Exploits0References12
OSV
OSV
added 2019/09/27 6:15 p.m.2 views

DEBIAN-CVE-2019-11742

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...

6.5CVSS7.5AI score0.01692EPSS
Exploits0References1
CVE
CVE
added 2019/09/27 5:18 p.m.315 views

CVE-2019-11742

CVE-2019-11742 describes a same-origin policy violation enabling theft of cross-origin images via a combination of SVG filters and a element, due to an error in how cached image content is treated. Affected: Firefox versions before 69, Thunderbird before 68.1 (and before 60.9 for ESR branches), ...

6.5CVSS6.9AI score0.01692EPSS
Exploits0References12Affected Software3
Debian CVE
Debian CVE
added 2019/09/27 5:18 p.m.44 views

CVE-2019-11742

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...

6.5CVSS8.2AI score0.01692EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2019/09/19 6:33 a.m.66 views

Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...

6.5CVSS7.3AI score0.01692EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2019/09/11 12:0 a.m.46 views

NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2019-0175)

The remote NewStart CGSL host, running version MAIN 4.06, has firefox packages installed that are affected by multiple vulnerabilities: - Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted...

10CVSS8.2AI score0.55874EPSS
Exploits18References16
UbuntuCve
UbuntuCve
added 2019/09/04 12:0 a.m.41 views

CVE-2019-11742

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...

6.5CVSS6.9AI score0.01692EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.41 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0158)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - pngimagefree in png.c in libpng 1.6.36 has a use- after-free because pngimagefreefunction is called under pngsafeexecute. CVE-2019-7317 - If a...

9.8CVSS7.8AI score0.09393EPSS
Exploits3References13
Tenable Nessus
Tenable Nessus
added 2019/06/14 12:0 a.m.52 views

Amazon Linux 2 : thunderbird (ALAS-2019-1229)

Mozilla: Buffer overflow in WebGL bufferdata on Linux CVE-2019-11693 Mozilla: Use-after-free in XMLHttpRequest CVE-2019-11691 Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulti...

9.8CVSS7.3AI score0.09393EPSS
Exploits3References13
Amazon
Amazon
added 2019/06/11 12:0 a.m.58 views

Critical: thunderbird

Issue Overview: Mozilla: Buffer overflow in WebGL bufferdata on Linux CVE-2019-11693 Mozilla: Use-after-free in XMLHttpRequest CVE-2019-11691 Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then...

9.8CVSS8AI score0.09393EPSS
Exploits3
Veracode
Veracode
added 2019/05/27 12:39 a.m.41 views

Information Disclosure

firefox/thunderbird is vulnerable to information disclosure. Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method...

4.3CVSS6.4AI score0.01622EPSS
Exploits0References21Affected Software2
NVD
NVD
added 2019/04/26 5:29 p.m.13 views

CVE-2019-9797

Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox 66...

5.3CVSS5.3AI score0.01109EPSS
Exploits0References19
Rows per page
Query Builder