Aaylasecura1138

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 74.0.3729.108 **Description** The issue is related to insufficient policy enforcement in Blink, a component of Google Chrome, allowing a remote attacker to leak cross-origin data via a crafted HTML page. This can be exploited by a remote attacker to access confidential data. **Recommendations** For versions prior to 74.0.3729.108, update to version 74.0.3729.108 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 66 **Description** The issue is related to the `createImageBitmap` function, which can be used to read cross-origin images in violation of the same-origin policy. This can be achieved by exporting an image after using `createImageBitmap` to read the image and then rendering the resulting bitmap image within a `canvas` element. The exploitation of this issue may allow a remote attacker to disclose protected information. **Recommendations** For Firefox versions prior to 66, update to version 66 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `createImageBitmap` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 65.0.1 Thunderbird (affected versions not specified) Description: The issue is related to the TransferFromImageBitmap method, which allows for the reading of a canvas element, ignoring security policies. This can enable a remote attacker to gain unauthorized access to information. The problem violates the same-origin policy, allowing cross-origin images to be read from a canvas element. Recommendations: For Firefox versions prior to 65.0.1, update to version 65.0.1 or later to resolve the issue. For Thunderbird, at the moment, there is no information about a newer version that contains a fix for this vulnerability.