PT-2020-6197 · Mozilla+7 · Firefox+9

Aleksejs Popovs

·

Published

2020-05-30

·

Updated

2025-09-29

·

CVE-2020-16012

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 87.0.4280.66 Firefox (affected versions not specified) Firefox ESR (affected versions not specified) Thunderbird (affected versions not specified)
Description The issue is related to a data source confirmation error, allowing a remote attacker to access confidential data. It involves side-channel information leakage in graphics, enabling the attacker to leak cross-origin data via a crafted HTML page.
Recommendations For Google Chrome versions prior to 87.0.4280.66, update to version 87.0.4280.66 or later. For Firefox, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Firefox ESR, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Thunderbird, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Origin Validation Error

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-346

Related Identifiers

ALSA-2025_16880
ALT-PU-2020-3340
ALT-PU-2020-3379
ALT-PU-2020-3384
ALT-PU-2020-3386
ALT-PU-2020-3409
ALT-PU-2020-3424
ALT-PU-2021-1049
ALT-PU-2021-1157
ALT-PU-2021-1210
ALT-PU-2021-1368
ALT-PU-2021-1369
ALT-PU-2021-1379
ALT-PU-2021-2725
ALT-PU-2021-2881
ALT-PU-2021-3368
ALT-PU-2021-3369
ALT-PU-2022-1781
ALT-PU-2022-1782
BDU:2021-03536
CESA-2020_5235
CESA-2020_5236
CESA-2020_5237
CESA-2020_5239
CVE-2020-16012
DLA-2457-1
DLA-2464-1
DSA-4793-1
DSA-4796-1
DSA-4824-1
ELSA-2020-5235
ELSA-2020-5236
ELSA-2020-5237
ELSA-2020-5238
ELSA-2020-5239
ELSA-2020-5257
MGASA-2020-0427
MGASA-2020-0433
OESA-2023-1672
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2020:2010-1
OPENSUSE-SU-2020:2012-1
OPENSUSE-SU-2020:2020-1
OPENSUSE-SU-2020:2021-1
OPENSUSE-SU-2020:2026-1
OPENSUSE-SU-2020:2031-1
OPENSUSE-SU-2020:2032-1
OPENSUSE-SU-2020:2055-1
OPENSUSE-SU-2020:2096-1
OPENSUSE-SU-2020:2187-1
OPENSUSE-SU-2020:2315-1
OPENSUSE-SU-2020_2020-1
OPENSUSE-SU-2020_2021-1
OPENSUSE-SU-2020_2031-1
OPENSUSE-SU-2020_2032-1
OPENSUSE-SU-2020_2096-1
OPENSUSE-SU-2020_2187-1
OPENSUSE-SU-2020_2315-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:10681-1
OPENSUSE-SU-2024:12948-1
OPENSUSE-SU-2024:14572-1
RHSA-2020:5231
RHSA-2020:5232
RHSA-2020:5233
RHSA-2020:5234
RHSA-2020:5235
RHSA-2020:5236
RHSA-2020:5237
RHSA-2020:5238
RHSA-2020:5239
RHSA-2020:5240
RHSA-2020:5257
RHSA-2020:5314
RHSA-2020_5235
RHSA-2020_5236
RHSA-2020_5237
RHSA-2020_5238
RHSA-2020_5239
RHSA-2020_5257
SUSE-SU-2020:14548-1
SUSE-SU-2020:3383-1
SUSE-SU-2020:3458-1
SUSE-SU-2020:3528-1
SUSE-SU-2020:3548-1
SUSE-SU-2020_14548-1
SUSE-SU-2020_3383-1
SUSE-SU-2020_3458-1
SUSE-SU-2020_3548-1
USN-4637-1
USN-4637-2
USN-4647-1

Affected Products

Alt Linux
Centos
Firefox
Firefox Esr
Google Chrome
Linuxmint
Red Hat
Suse
Thunderbird
Ubuntu