PT-2019-4627 · Mozilla+5 · Firefox+5

Aaylasecura1138 · Published 2019-03-20 · Updated 2024-12-12 · CVE-2019-9797

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Firefox versions prior to 66

Description

The issue is in the createImageBitmap function, which can be used to read cross-origin images in violation of the same-origin policy. This is done by using createImageBitmap to read the image, rendering the resulting bitmap within a canvas element, and then exporting the image. Exploitation of this issue may allow a remote attacker to disclose protected information.

Recommendations

Update Firefox versions prior to 66 to version 66 or later to resolve the issue. As a temporary workaround, consider restricting the use of the createImageBitmap function until a patch is available.

Exploit

Fix

Origin Validation Error

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1561
ALT-PU-2019-2324
ALT-PU-2019-2486
BDU:2020-00771
CESA-2019_1265
CESA-2019_1267
CESA-2019_1269
CESA-2019_1308
CESA-2019_1309
CESA-2019_1310
CVE-2019-9797
DLA-1800-1
DLA-1806-1
DSA-4448-1
DSA-4451-1
MGASA-2019-0190
MGASA-2019-0191
OPENSUSE-SU-2019:1534-1
OPENSUSE-SU-2019:1664-1
OPENSUSE-SU-2019_1484-1
OPENSUSE-SU-2019_1534-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2019:1265
RHSA-2019:1267
RHSA-2019:1269
RHSA-2019:1308
RHSA-2019:1309
RHSA-2019:1310
RHSA-2019_1265
RHSA-2019_1267
RHSA-2019_1269
RHSA-2019_1308
RHSA-2019_1309
RHSA-2019_1310
SUSE-SU-2019:1458-1
USN-3918-1
USN-3918-2
USN-3918-3
USN-3918-4
USN-3997-1

Affected Products

Alt Linux
CentOS
Firefox
Red Hat
SUSE
Ubuntu