CVE-2018-18511 — Sensitive Information Exposure in Mozilla Firefox

CWE-200 — Sensitive Information Exposure8 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

0.8%

top 25.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird Debian Firefox +2 more

Timeline

PublishedApr 26

Latest updateMay 24

Description

Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages6 packages

▶debiandebian/firefox< firefox 65.0.1-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 65.0.1

▶debiandebian/firefox-esr< firefox 65.0.1-1 (sid)

▶NVDmozilla/firefox65.0

▶debiandebian/thunderbird< firefox 65.0.1-1 (sid)

🔴Vulnerability Details

GHSA

GHSA-pp2c-fw86-vf75: Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method↗2022-05-24

▶

OSV

CVE-2018-18511: Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method↗2019-04-26

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2019-05-28

▶

Ubuntu

Firefox vulnerabilities↗2019-02-26

▶

Red Hat

mozilla: Cross-origin theft of images with ImageBitmapRenderingContext↗2019-02-12

▶

Debian

CVE-2018-18511: firefox - Cross-origin images can be read from a canvas element in violation of the same-o...↗2018

▶

💬Community

Bugzilla

CVE-2018-18511 mozilla: Cross-origin theft of images with ImageBitmapRenderingContext↗2019-02-13

▶