CVE-2019-9797Origin Validation Error in Mozilla Firefox

CWE-346Origin Validation ErrorCWE-829Inclusion of Functionality from Untrusted Control Sphere16 documents7 sources
Severity
5.3MEDIUMNVD
OSV9.8
EPSS
0.5%
top 34.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Mozilla FirefoxMozilla ThunderbirdDebian Firefox+2 more
Timeline
PublishedApr 26
Latest updateMay 24

Description

Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages8 packages

debiandebian/firefox< firefox 66.0-1 (sid)
CVEListV5mozilla/firefoxunspecified66
NVDmozilla/firefox< 66.0
debiandebian/firefox-esr< firefox 66.0-1 (sid)
Ubuntumozilla/firefox< 66.0.2+build1-0ubuntu0.14.04.1+8

🔴Vulnerability Details

7
GHSA
GHSA-9wjj-25rq-652w: Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then2022-05-24
OSV
thunderbird vulnerabilities2019-05-28
OSV
CVE-2019-9797: Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then2019-04-26
OSV
firefox regressions2019-04-16
OSV
firefox regression2019-03-28

📋Vendor Advisories

7
Ubuntu
Thunderbird vulnerabilities2019-05-28
Red Hat
Mozilla: Cross-origin theft of images with createImageBitmap2019-05-22
Ubuntu
Firefox regressions2019-04-16
Ubuntu
Firefox regression2019-03-28
Ubuntu
Firefox vulnerabilities2019-03-25

💬Community

1
Bugzilla
CVE-2019-9797 Mozilla: Cross-origin theft of images with createImageBitmap2019-05-22