PT-2018-3403 · Mozilla+5 · Firefox+6
Aaylasecura1138
Published: 2018-12-31
Updated: 2024-12-12
CVE-2018-18511
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Firefox versions prior to 65.0.1
Thunderbird (affected versions not specified)
Description:
The issue is in the transferFromImageBitmap method, which allows a canvas element to be read while security policies are ignored. This violates the same-origin policy: cross-origin images can be read from a canvas element, enabling a remote attacker to gain unauthorized access to information.
Recommendations:
For Firefox versions prior to 65.0.1, update to version 65.0.1 or later to resolve the issue.
For Thunderbird, there is currently no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Affected Products
ALT Linux
CentOS
Firefox
Red Hat
SUSE
Thunderbird
Ubuntu