Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:27957
HistoryNov 20, 2020 - 10:23 a.m.

Information Disclosure

2020-11-2010:23:57
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
20
firefox
vulnerability
information disclosure
transparent image
cross-origin
skia library
drawimage function
timing side-channel attacks
software

EPSS

0.001

Percentile

50.4%

firefox is vulnerable to information disclosure. When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function takes a variable amount of time depending on the content of the underlying image. This can result in potential cross-origin information exposure of image content through timing side-channel attacks.