Mozilla: Cross-origin theft of images with createImageBitmap

Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox 66...

Mozilla: Stealing of cross-domain images using canvas

Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

mozilla: Cross-origin theft of images with ImageBitmapRenderingContext

Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. Note: This only affects Firefox 65. Previous versions are unaffected.. This vulnerability affects Firefox 65.0.1...

Mozilla: Stealing of cross-domain images using canvas

Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

Mozilla Thunderbird < 60.7

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 60.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-15 advisory. - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use...

Mozilla Firefox < 67.0

The version of Firefox installed on the remote Windows host is prior to 67.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-13 advisory. - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results ...

[ASA-201905-9] firefox: multiple issues

Arch Linux Security Advisory ASA-201905-9 ========================================= Severity: Critical Date : 2019-05-23 CVE-ID : CVE-2019-7317 CVE-2019-9800 CVE-2019-9814 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 CVE-2019-9821 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693...

[ASA-201905-8] thunderbird: multiple issues

Arch Linux Security Advisory ASA-201905-8 ========================================= Severity: Critical Date : 2019-05-23 CVE-ID : CVE-2019-5798 CVE-2019-7317 CVE-2019-9800 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11698 CVE-2019-18511 Package ...

Mozilla Firefox < 67.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 67.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-13 advisory. - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. Thi...

Mozilla Thunderbird < 60.7

The version of Thunderbird installed on the remote Windows host is prior to 60.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-15 advisory. - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This...

Mozilla Firefox ESR < 60.7

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-14 advisory. - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use...

CVE-2019-9817

Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

Mozilla Firefox ESR < 60.7 Multiple Vulnerabilities

Binary data 700733.prm...

Security vulnerabilities fixed in Thunderbird 60.7 — Mozilla

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...

Security vulnerabilities fixed in Firefox ESR 60.7 — Mozilla

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...

UBUNTU-CVE-2019-9817

Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

Insecure Same-Origin Policy

Mozilla Firefox is vulnerable to insecure same-origin policy vulnerability. The vulnerability exists due to the redirection of theft of cross-origin URL entries to another site using performance.getEntries when using the Javascript location property allowing data theft...

Information Disclosure

Firefox is vulnerable to information disclosure attacks. A remote user could bypass same-origin restrictions in the PDF viewer to view ostensibly protected PDF files...

chromium-browser: CORS bypass in download manager

Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

chromium-browser: CORS bypass in Blink

Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page...