PT-2018-3403 · Mozilla+5 · Firefox+6

Aaylasecura1138

·

Publicado

2018-12-31

·

Atualizado

2024-12-12

·

CVE-2018-18511

CVSS v3.1

4.3

Média

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 65.0.1 Thunderbird (affected versions not specified)
Description: The issue is related to the TransferFromImageBitmap method, which allows for the reading of a canvas element, ignoring security policies. This can enable a remote attacker to gain unauthorized access to information. The problem violates the same-origin policy, allowing cross-origin images to be read from a canvas element.
Recommendations: For Firefox versions prior to 65.0.1, update to version 65.0.1 or later to resolve the issue. For Thunderbird, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

ALT-PU-2019-1269
BDU:2020-00759
CESA-2019_1265
CESA-2019_1267
CESA-2019_1269
CESA-2019_1308
CESA-2019_1309
CESA-2019_1310
CVE-2018-18511
DLA-1800-1
DLA-1806-1
DSA-4448-1
DSA-4451-1
MGASA-2019-0190
MGASA-2019-0191
OPENSUSE-SU-2019:1534-1
OPENSUSE-SU-2019:1664-1
OPENSUSE-SU-2019_1484-1
OPENSUSE-SU-2019_1534-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2019:1265
RHSA-2019:1267
RHSA-2019:1269
RHSA-2019:1308
RHSA-2019:1309
RHSA-2019:1310
RHSA-2019_1265
RHSA-2019_1267
RHSA-2019_1269
RHSA-2019_1308
RHSA-2019_1309
RHSA-2019_1310
SUSE-SU-2019:1458-1
USN-3896-1
USN-3997-1

Produtos afetados

Alt Linux
Centos
Firefox
Red Hat
Suse
Thunderbird
Ubuntu