Vulnerability-Lookup

CVE-2018-18511 (GCVE-0-2018-18511)

Vulnerability from cvelistv5 – Published: 2019-04-26 16:13 – Updated: 2024-08-05 11:08

Summary

Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1.

Severity ?

No CVSS data available.

CWE

Cross-origin theft of images with ImageBitmapRenderingContext

Assigner

mozilla

References

19 references

URL	Tags
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_MISC
https://bugzilla.mozilla.org/show_bug.cgi?id=1526218	x_refsource_MISC
https://seclists.org/bugtraq/2019/May/56	mailing-listx_refsource_BUGTRAQ
https://seclists.org/bugtraq/2019/May/59	mailing-listx_refsource_BUGTRAQ
https://www.debian.org/security/2019/dsa-4448	vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:1265	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1267	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1269	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2019/dsa-4451	vendor-advisoryx_refsource_DEBIAN
https://seclists.org/bugtraq/2019/May/67	mailing-listx_refsource_BUGTRAQ
https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
https://usn.ubuntu.com/3997-1/	vendor-advisoryx_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://access.redhat.com/errata/RHSA-2019:1310	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1308	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1309	vendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Impacted products

1 product

Vendor	Product	Version
Mozilla	Firefox	Affected: unspecified , < 65.0.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.991Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2019-04/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1526218"
          },
          {
            "name": "20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/56"
          },
          {
            "name": "20190523 [SECURITY] [DSA 4448-1] firefox-esr security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/59"
          },
          {
            "name": "DSA-4448",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4448"
          },
          {
            "name": "[debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"
          },
          {
            "name": "RHSA-2019:1265",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1265"
          },
          {
            "name": "RHSA-2019:1267",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1267"
          },
          {
            "name": "RHSA-2019:1269",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1269"
          },
          {
            "name": "DSA-4451",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4451"
          },
          {
            "name": "20190527 [SECURITY] [DSA 4451-1] thunderbird security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/67"
          },
          {
            "name": "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
          },
          {
            "name": "USN-3997-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3997-1/"
          },
          {
            "name": "openSUSE-SU-2019:1484",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
          },
          {
            "name": "RHSA-2019:1310",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1310"
          },
          {
            "name": "RHSA-2019:1308",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1308"
          },
          {
            "name": "RHSA-2019:1309",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1309"
          },
          {
            "name": "openSUSE-SU-2019:1534",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
          },
          {
            "name": "openSUSE-SU-2019:1664",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "65.0.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox \u003c 65.0.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-origin theft of images with ImageBitmapRenderingContext",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-28T14:06:06.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2019-04/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1526218"
        },
        {
          "name": "20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/56"
        },
        {
          "name": "20190523 [SECURITY] [DSA 4448-1] firefox-esr security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/59"
        },
        {
          "name": "DSA-4448",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4448"
        },
        {
          "name": "[debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"
        },
        {
          "name": "RHSA-2019:1265",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1265"
        },
        {
          "name": "RHSA-2019:1267",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1267"
        },
        {
          "name": "RHSA-2019:1269",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1269"
        },
        {
          "name": "DSA-4451",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4451"
        },
        {
          "name": "20190527 [SECURITY] [DSA 4451-1] thunderbird security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/67"
        },
        {
          "name": "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
        },
        {
          "name": "USN-3997-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3997-1/"
        },
        {
          "name": "openSUSE-SU-2019:1484",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
        },
        {
          "name": "RHSA-2019:1310",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1310"
        },
        {
          "name": "RHSA-2019:1308",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1308"
        },
        {
          "name": "RHSA-2019:1309",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1309"
        },
        {
          "name": "openSUSE-SU-2019:1534",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
        },
        {
          "name": "openSUSE-SU-2019:1664",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2018-18511",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "65.0.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox \u003c 65.0.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-origin theft of images with ImageBitmapRenderingContext"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2019-04/",
              "refsource": "MISC",
              "url": "https://www.mozilla.org/security/advisories/mfsa2019-04/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1526218",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1526218"
            },
            {
              "name": "20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/May/56"
            },
            {
              "name": "20190523 [SECURITY] [DSA 4448-1] firefox-esr security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/May/59"
            },
            {
              "name": "DSA-4448",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4448"
            },
            {
              "name": "[debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"
            },
            {
              "name": "RHSA-2019:1265",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1265"
            },
            {
              "name": "RHSA-2019:1267",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1267"
            },
            {
              "name": "RHSA-2019:1269",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1269"
            },
            {
              "name": "DSA-4451",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4451"
            },
            {
              "name": "20190527 [SECURITY] [DSA 4451-1] thunderbird security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/May/67"
            },
            {
              "name": "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
            },
            {
              "name": "USN-3997-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3997-1/"
            },
            {
              "name": "openSUSE-SU-2019:1484",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
            },
            {
              "name": "RHSA-2019:1310",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1310"
            },
            {
              "name": "RHSA-2019:1308",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1308"
            },
            {
              "name": "RHSA-2019:1309",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1309"
            },
            {
              "name": "openSUSE-SU-2019:1534",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
            },
            {
              "name": "openSUSE-SU-2019:1664",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2018-18511",
    "datePublished": "2019-04-26T16:13:22.000Z",
    "dateReserved": "2018-10-19T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.991Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-18511",
      "date": "2026-05-20",
      "epss": "0.00802",
      "percentile": "0.74288"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:65.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C12FFDC7-6322-4EA0-9F56-B7A8816F195C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox \u003c 65.0.1.\"}, {\"lang\": \"es\", \"value\": \"Las im\\u00e1genes de origen cruzado pueden leerse desde un elemento Canvas en violaci\\u00f3n de la pol\\u00edtica del mismo origen usando el m\\u00e9todo transferFromImageBitmap. * Nota: Esto solo afecta a Firefox versi\\u00f3n 65. Las versiones anteriores no est\\u00e1n afectadas. *. Esta vulnerabilidad afecta a Firefox \u003c a la versi\\u00f3n 65.0.1.\"}]",
      "id": "CVE-2018-18511",
      "lastModified": "2024-11-21T03:56:04.810",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2019-04-26T17:29:00.447",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html\", \"source\": \"security@mozilla.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html\", \"source\": \"security@mozilla.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1265\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1267\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1269\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1308\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1309\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1310\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1526218\", \"source\": \"security@mozilla.org\", \"tags\": [\"Issue Tracking\", \"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://seclists.org/bugtraq/2019/May/56\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://seclists.org/bugtraq/2019/May/59\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://seclists.org/bugtraq/2019/May/67\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://usn.ubuntu.com/3997-1/\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://www.debian.org/security/2019/dsa-4448\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://www.debian.org/security/2019/dsa-4451\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2019-04/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1265\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1267\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1269\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1308\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1309\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1310\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1526218\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://seclists.org/bugtraq/2019/May/56\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://seclists.org/bugtraq/2019/May/59\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://seclists.org/bugtraq/2019/May/67\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/3997-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2019/dsa-4448\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2019/dsa-4451\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2019-04/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@mozilla.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-18511\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2019-04-26T17:29:00.447\",\"lastModified\":\"2024-11-21T03:56:04.810\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox \u003c 65.0.1.\"},{\"lang\":\"es\",\"value\":\"Las im\u00e1genes de origen cruzado pueden leerse desde un elemento Canvas en violaci\u00f3n de la pol\u00edtica del mismo origen usando el m\u00e9todo transferFromImageBitmap. * Nota: Esto solo afecta a Firefox versi\u00f3n 65. Las versiones anteriores no est\u00e1n afectadas. *. Esta vulnerabilidad afecta a Firefox \u003c a la versi\u00f3n 65.0.1.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:65.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C12FFDC7-6322-4EA0-9F56-B7A8816F195C\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html\",\"source\":\"security@mozilla.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html\",\"source\":\"security@mozilla.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1265\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1267\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1269\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1308\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1309\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1310\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1526218\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/May/56\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/May/59\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/May/67\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://usn.ubuntu.com/3997-1/\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4448\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4451\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2019-04/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1265\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1267\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1269\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1308\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1309\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1310\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1526218\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/May/56\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/May/59\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/May/67\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3997-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4448\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4451\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2019-04/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2019-AVI-058

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Firefox versions antérieures à 65.0.1
	Mozilla	Firefox	Firefox ESR versions antérieures à 60.5.1

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2019-05 du 12 février 2019	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2019-04 du 12 février 2019	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2019-05 du 12 février 2019	-	other
Bulletin de sécurité Mozilla mfsa2019-04 du 12 février 2019	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 65.0.1",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 60.5.1",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-18511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18511"
    },
    {
      "name": "CVE-2018-18335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18335"
    },
    {
      "name": "CVE-2018-18356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18356"
    },
    {
      "name": "CVE-2019-5785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5785"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-05\u00a0du 12 f\u00e9vrier 2019",
      "url": "http://www.mozilla.org/en-US/security/advisories/mfsa2019-05/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-04\u00a0du 12 f\u00e9vrier 2019",
      "url": "http://www.mozilla.org/en-US/security/advisories/mfsa2019-04/"
    }
  ],
  "reference": "CERTFR-2019-AVI-058",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-02-13T00:00:00.000000"
    },
    {
      "description": "Correction du num\u00e9ro de version de Firefox ESR",
      "revision_date": "2019-02-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-05 du 12 f\u00e9vrier 2019",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-04 du 12 f\u00e9vrier 2019",
      "url": null
    }
  ]
}

CERTFR-2019-AVI-236

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Firefox versions antérieures à 67
	Mozilla	Firefox	Firefox ESR versions antérieures à 60.7

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2019-13 du 21 mai 2019	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2019-14 du 21 mai 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 67",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 60.7",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11692"
    },
    {
      "name": "CVE-2019-11693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11693"
    },
    {
      "name": "CVE-2019-11694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11694"
    },
    {
      "name": "CVE-2019-11691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11691"
    },
    {
      "name": "CVE-2019-9815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9815"
    },
    {
      "name": "CVE-2019-11701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11701"
    },
    {
      "name": "CVE-2019-9818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9818"
    },
    {
      "name": "CVE-2019-7317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7317"
    },
    {
      "name": "CVE-2019-11697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11697"
    },
    {
      "name": "CVE-2018-18511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18511"
    },
    {
      "name": "CVE-2019-5798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5798"
    },
    {
      "name": "CVE-2019-9817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9817"
    },
    {
      "name": "CVE-2019-9819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9819"
    },
    {
      "name": "CVE-2019-9814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9814"
    },
    {
      "name": "CVE-2019-11695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11695"
    },
    {
      "name": "CVE-2019-9816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9816"
    },
    {
      "name": "CVE-2019-11698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11698"
    },
    {
      "name": "CVE-2019-11699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11699"
    },
    {
      "name": "CVE-2019-11700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11700"
    },
    {
      "name": "CVE-2019-9820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9820"
    },
    {
      "name": "CVE-2019-9800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9800"
    },
    {
      "name": "CVE-2019-11696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11696"
    },
    {
      "name": "CVE-2019-9797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9797"
    },
    {
      "name": "CVE-2019-9821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9821"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-236",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-05-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et\nun contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-13 du 21 mai 2019",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-14 du 21 mai 2019",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/"
    }
  ]
}

CERTFR-2019-AVI-237

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Mozilla Thunderbird versions antérieures à 60.7

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2019-15 du 21 mai 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mozilla Thunderbird versions ant\u00e9rieures \u00e0 60.7",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11692"
    },
    {
      "name": "CVE-2019-11693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11693"
    },
    {
      "name": "CVE-2019-11694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11694"
    },
    {
      "name": "CVE-2019-11691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11691"
    },
    {
      "name": "CVE-2019-9815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9815"
    },
    {
      "name": "CVE-2019-9818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9818"
    },
    {
      "name": "CVE-2019-7317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7317"
    },
    {
      "name": "CVE-2018-18511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18511"
    },
    {
      "name": "CVE-2019-5798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5798"
    },
    {
      "name": "CVE-2019-9817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9817"
    },
    {
      "name": "CVE-2019-9819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9819"
    },
    {
      "name": "CVE-2019-9816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9816"
    },
    {
      "name": "CVE-2019-11698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11698"
    },
    {
      "name": "CVE-2019-9820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9820"
    },
    {
      "name": "CVE-2019-9800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9800"
    },
    {
      "name": "CVE-2019-9797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9797"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-237",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-05-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de\nservice et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-15 du 21 mai 2019",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/"
    }
  ]
}

CERTFR-2019-AVI-058

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Firefox versions antérieures à 65.0.1
	Mozilla	Firefox	Firefox ESR versions antérieures à 60.5.1

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2019-05 du 12 février 2019	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2019-04 du 12 février 2019	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2019-05 du 12 février 2019	-	other
Bulletin de sécurité Mozilla mfsa2019-04 du 12 février 2019	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 65.0.1",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 60.5.1",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-18511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18511"
    },
    {
      "name": "CVE-2018-18335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18335"
    },
    {
      "name": "CVE-2018-18356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18356"
    },
    {
      "name": "CVE-2019-5785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5785"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-05\u00a0du 12 f\u00e9vrier 2019",
      "url": "http://www.mozilla.org/en-US/security/advisories/mfsa2019-05/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-04\u00a0du 12 f\u00e9vrier 2019",
      "url": "http://www.mozilla.org/en-US/security/advisories/mfsa2019-04/"
    }
  ],
  "reference": "CERTFR-2019-AVI-058",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-02-13T00:00:00.000000"
    },
    {
      "description": "Correction du num\u00e9ro de version de Firefox ESR",
      "revision_date": "2019-02-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-05 du 12 f\u00e9vrier 2019",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-04 du 12 f\u00e9vrier 2019",
      "url": null
    }
  ]
}

CERTFR-2019-AVI-236

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Firefox versions antérieures à 67
	Mozilla	Firefox	Firefox ESR versions antérieures à 60.7

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2019-13 du 21 mai 2019	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2019-14 du 21 mai 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 67",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 60.7",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11692"
    },
    {
      "name": "CVE-2019-11693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11693"
    },
    {
      "name": "CVE-2019-11694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11694"
    },
    {
      "name": "CVE-2019-11691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11691"
    },
    {
      "name": "CVE-2019-9815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9815"
    },
    {
      "name": "CVE-2019-11701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11701"
    },
    {
      "name": "CVE-2019-9818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9818"
    },
    {
      "name": "CVE-2019-7317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7317"
    },
    {
      "name": "CVE-2019-11697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11697"
    },
    {
      "name": "CVE-2018-18511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18511"
    },
    {
      "name": "CVE-2019-5798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5798"
    },
    {
      "name": "CVE-2019-9817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9817"
    },
    {
      "name": "CVE-2019-9819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9819"
    },
    {
      "name": "CVE-2019-9814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9814"
    },
    {
      "name": "CVE-2019-11695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11695"
    },
    {
      "name": "CVE-2019-9816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9816"
    },
    {
      "name": "CVE-2019-11698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11698"
    },
    {
      "name": "CVE-2019-11699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11699"
    },
    {
      "name": "CVE-2019-11700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11700"
    },
    {
      "name": "CVE-2019-9820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9820"
    },
    {
      "name": "CVE-2019-9800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9800"
    },
    {
      "name": "CVE-2019-11696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11696"
    },
    {
      "name": "CVE-2019-9797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9797"
    },
    {
      "name": "CVE-2019-9821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9821"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-236",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-05-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et\nun contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-13 du 21 mai 2019",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-14 du 21 mai 2019",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/"
    }
  ]
}

CERTFR-2019-AVI-237

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Mozilla Thunderbird versions antérieures à 60.7

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2019-15 du 21 mai 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mozilla Thunderbird versions ant\u00e9rieures \u00e0 60.7",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11692"
    },
    {
      "name": "CVE-2019-11693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11693"
    },
    {
      "name": "CVE-2019-11694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11694"
    },
    {
      "name": "CVE-2019-11691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11691"
    },
    {
      "name": "CVE-2019-9815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9815"
    },
    {
      "name": "CVE-2019-9818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9818"
    },
    {
      "name": "CVE-2019-7317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7317"
    },
    {
      "name": "CVE-2018-18511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18511"
    },
    {
      "name": "CVE-2019-5798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5798"
    },
    {
      "name": "CVE-2019-9817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9817"
    },
    {
      "name": "CVE-2019-9819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9819"
    },
    {
      "name": "CVE-2019-9816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9816"
    },
    {
      "name": "CVE-2019-11698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11698"
    },
    {
      "name": "CVE-2019-9820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9820"
    },
    {
      "name": "CVE-2019-9800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9800"
    },
    {
      "name": "CVE-2019-9797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9797"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-237",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-05-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de\nservice et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-15 du 21 mai 2019",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/"
    }
  ]
}

BDU:2020-00759

Vulnerability from fstec - Published: 26.04.2019

Title

Уязвимость метода TransferFromImageBitmap почтового клиента Thunderbird и браузеров Firefox и Firefox ESR, связанная с возможностью чтения элемента canvas, игнорируя политику безопасности, позволяющая нарушителю получить несанкционированный доступ к информации

Description

Уязвимость метода TransferFromImageBitmap почтового клиента Thunderbird и браузеров Firefox и Firefox ESR связана с возможностью чтения элемента canvas, игнорируя политику безопасности. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к информации

Severity ?


                    
                      AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Vendor

Red Hat Inc., Canonical Ltd., Сообщество свободного программного обеспечения, Novell Inc., ООО «РусБИТех-Астра», Mozilla Corp.

Software Name

Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, OpenSUSE Leap, Astra Linux Special Edition (запись в едином реестре российских программ №369), SUSE Package Hub for SUSE Linux Enterprise, Firefox, Firefox ESR, Thunderbird

Software Version

6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 42.3 (OpenSUSE Leap), 18.04 LTS (Ubuntu), 18.10 (Ubuntu), 1.6 «Смоленск» (Astra Linux Special Edition), 19.04 (Ubuntu), 8 (Red Hat Enterprise Linux), 15.0 (OpenSUSE Leap), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 12 (SUSE Package Hub for SUSE Linux Enterprise), до 67 (Firefox), до 60.7 (Firefox ESR), до 60.7 (Thunderbird)

Possible Mitigations

Использование рекомендаций: Для thunderbird: Обновление программного обеспечения до 1:60.7.1-1~deb8u1 или более поздней версии Для firefox-esr: Обновление программного обеспечения до 60.7.0esr-1~deb8u1 или более поздней версии Для firefox: Обновление программного обеспечения до 67.0.2-1 или более поздней версии Для Debian: Обновление программного обеспечения (пакета thunderbird) до 1:60.7.1-1~deb8u1 или более поздней версии, (пакета firefox) до 67.0.2-1 или более поздней версии, (пакета firefox-esr) до 60.7.0esr-1~deb8u1 или более поздней версии Для программных продуктов Novell Inc.: https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html Для программных продуктов Red Hat Inc.: https://access.redhat.com/errata/RHSA-2019:1265 https://access.redhat.com/errata/RHSA-2019:1267 https://access.redhat.com/errata/RHSA-2019:1269 https://access.redhat.com/errata/RHSA-2019:1308 https://access.redhat.com/errata/RHSA-2019:1309 https://access.redhat.com/errata/RHSA-2019:1310 Для Ubuntu: https://usn.ubuntu.com/3997-1/ Для Astra Linux: https://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-18511 https://security-tracker.debian.org/tracker/CVE-2018-18511 https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html https://access.redhat.com/errata/RHSA-2019:1265 https://access.redhat.com/errata/RHSA-2019:1267 https://access.redhat.com/errata/RHSA-2019:1269 https://access.redhat.com/errata/RHSA-2019:1308 https://access.redhat.com/errata/RHSA-2019:1309 https://access.redhat.com/errata/RHSA-2019:1310 https://usn.ubuntu.com/3997-1/ https://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186

CWE

CWE-200

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
  "CVSS 3.0": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Mozilla Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 42.3 (OpenSUSE Leap), 18.04 LTS (Ubuntu), 18.10 (Ubuntu), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 19.04 (Ubuntu), 8 (Red Hat Enterprise Linux), 15.0 (OpenSUSE Leap), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 12 (SUSE Package Hub for SUSE Linux Enterprise), \u0434\u043e 67 (Firefox), \u0434\u043e 60.7 (Firefox ESR), \u0434\u043e 60.7 (Thunderbird)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f thunderbird:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 1:60.7.1-1~deb8u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f firefox-esr:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 60.7.0esr-1~deb8u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f firefox:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 67.0.2-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 thunderbird) \u0434\u043e 1:60.7.1-1~deb8u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, (\u043f\u0430\u043a\u0435\u0442\u0430 firefox) \u0434\u043e 67.0.2-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, (\u043f\u0430\u043a\u0435\u0442\u0430 firefox-esr) \u0434\u043e 60.7.0esr-1~deb8u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/errata/RHSA-2019:1265\nhttps://access.redhat.com/errata/RHSA-2019:1267\nhttps://access.redhat.com/errata/RHSA-2019:1269\nhttps://access.redhat.com/errata/RHSA-2019:1308\nhttps://access.redhat.com/errata/RHSA-2019:1309\nhttps://access.redhat.com/errata/RHSA-2019:1310\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/3997-1/\n\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "26.04.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "27.02.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.02.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-00759",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-18511",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, OpenSUSE Leap, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), SUSE Package Hub for SUSE Linux Enterprise, Firefox, Firefox ESR, Thunderbird",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Novell Inc. OpenSUSE Leap 42.3 , Canonical Ltd. Ubuntu 18.04 LTS , Canonical Ltd. Ubuntu 18.10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Canonical Ltd. Ubuntu 19.04 , Red Hat Inc. Red Hat Enterprise Linux 8 , Novell Inc. OpenSUSE Leap 15.0 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0442\u043e\u0434\u0430 TransferFromImageBitmap \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird \u0438 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox \u0438 Firefox ESR, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u0447\u0442\u0435\u043d\u0438\u044f \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u0430 canvas, \u0438\u0433\u043d\u043e\u0440\u0438\u0440\u0443\u044f \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0443 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0442\u043e\u0434\u0430 TransferFromImageBitmap \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird \u0438 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox \u0438 Firefox ESR \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u0447\u0442\u0435\u043d\u0438\u044f \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u0430 canvas, \u0438\u0433\u043d\u043e\u0440\u0438\u0440\u0443\u044f \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0443 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2018-18511\nhttps://security-tracker.debian.org/tracker/CVE-2018-18511\nhttps://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html\nhttps://access.redhat.com/errata/RHSA-2019:1265\nhttps://access.redhat.com/errata/RHSA-2019:1267\nhttps://access.redhat.com/errata/RHSA-2019:1269\nhttps://access.redhat.com/errata/RHSA-2019:1308\nhttps://access.redhat.com/errata/RHSA-2019:1309\nhttps://access.redhat.com/errata/RHSA-2019:1310\nhttps://usn.ubuntu.com/3997-1/\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)\n\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,1)"
}

CNVD-2019-05570

Vulnerability from cnvd - Published: 2019-02-27

Title

Mozilla Firefox信息泄露漏洞（CNVD-2019-05570）

Description

Mozilla Firefox是Mozilla基金会的一款开源Web浏览器。 Mozilla Firefox 65.0.1之前版本中存在信息泄露漏洞。远程攻击者可利用该漏洞读取跨源的图像。

Severity

中

Patch Name

Mozilla Firefox信息泄露漏洞（CNVD-2019-05570）的补丁

Patch Description

Mozilla Firefox是Mozilla基金会的一款开源Web浏览器。 Mozilla Firefox 65.0.1之前版本中存在信息泄露漏洞。远程攻击者可利用该漏洞读取跨源的图像。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/

Reference

https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/

Impacted products

Name
Mozilla Firefox <65.0.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-18511",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18511"
    }
  },
  "description": "Mozilla Firefox\u662fMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002\n\nMozilla Firefox 65.0.1\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u8de8\u6e90\u7684\u56fe\u50cf\u3002",
  "discovererName": "AaylaSecura1138",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-04/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-05570",
  "openTime": "2019-02-27",
  "patchDescription": "Mozilla Firefox\u662fMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002\r\n\r\nMozilla Firefox 65.0.1\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u8de8\u6e90\u7684\u56fe\u50cf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mozilla Firefox\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2019-05570\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Mozilla Firefox \u003c65.0.1"
  },
  "referenceLink": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/",
  "serverity": "\u4e2d",
  "submitTime": "2019-02-15",
  "title": "Mozilla Firefox\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2019-05570\uff09"
}

FKIE_CVE-2018-18511

Vulnerability from fkie_nvd - Published: 2019-04-26 17:29 - Updated: 2024-11-21 03:56

Severity ?

4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Summary

References

URL	Tags
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html
security@mozilla.org	https://access.redhat.com/errata/RHSA-2019:1265
security@mozilla.org	https://access.redhat.com/errata/RHSA-2019:1267
security@mozilla.org	https://access.redhat.com/errata/RHSA-2019:1269
security@mozilla.org	https://access.redhat.com/errata/RHSA-2019:1308
security@mozilla.org	https://access.redhat.com/errata/RHSA-2019:1309
security@mozilla.org	https://access.redhat.com/errata/RHSA-2019:1310
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1526218	Issue Tracking, Permissions Required, Vendor Advisory
security@mozilla.org	https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html
security@mozilla.org	https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html
security@mozilla.org	https://seclists.org/bugtraq/2019/May/56
security@mozilla.org	https://seclists.org/bugtraq/2019/May/59
security@mozilla.org	https://seclists.org/bugtraq/2019/May/67
security@mozilla.org	https://usn.ubuntu.com/3997-1/
security@mozilla.org	https://www.debian.org/security/2019/dsa-4448
security@mozilla.org	https://www.debian.org/security/2019/dsa-4451
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2019-04/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:1265
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:1267
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:1269
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:1308
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:1309
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:1310
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1526218	Issue Tracking, Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/May/56
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/May/59
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/May/67
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3997-1/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2019/dsa-4448
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2019/dsa-4451
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2019-04/	Vendor Advisory

Impacted products

	Vendor	Product	Version
	mozilla	firefox	65.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:65.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C12FFDC7-6322-4EA0-9F56-B7A8816F195C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox \u003c 65.0.1."
    },
    {
      "lang": "es",
      "value": "Las im\u00e1genes de origen cruzado pueden leerse desde un elemento Canvas en violaci\u00f3n de la pol\u00edtica del mismo origen usando el m\u00e9todo transferFromImageBitmap. * Nota: Esto solo afecta a Firefox versi\u00f3n 65. Las versiones anteriores no est\u00e1n afectadas. *. Esta vulnerabilidad afecta a Firefox \u003c a la versi\u00f3n 65.0.1."
    }
  ],
  "id": "CVE-2018-18511",
  "lastModified": "2024-11-21T03:56:04.810",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-26T17:29:00.447",
  "references": [
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://access.redhat.com/errata/RHSA-2019:1265"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://access.redhat.com/errata/RHSA-2019:1267"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://access.redhat.com/errata/RHSA-2019:1269"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://access.redhat.com/errata/RHSA-2019:1308"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://access.redhat.com/errata/RHSA-2019:1309"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://access.redhat.com/errata/RHSA-2019:1310"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1526218"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://seclists.org/bugtraq/2019/May/56"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://seclists.org/bugtraq/2019/May/59"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://seclists.org/bugtraq/2019/May/67"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://usn.ubuntu.com/3997-1/"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://www.debian.org/security/2019/dsa-4448"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://www.debian.org/security/2019/dsa-4451"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-04/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:1265"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:1267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:1269"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:1308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:1309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:1310"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1526218"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2019/May/56"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2019/May/59"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2019/May/67"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/3997-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2019/dsa-4448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2019/dsa-4451"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-04/"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-PP2C-FW86-VF75

Vulnerability from github – Published: 2022-05-24 16:44 – Updated: 2024-04-04 00:11

Details

Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. Note: This only affects Firefox 65. Previous versions are unaffected.. This vulnerability affects Firefox < 65.0.1.

Severity ?

4.3 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-18511"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-26T17:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox \u003c 65.0.1.",
  "id": "GHSA-pp2c-fw86-vf75",
  "modified": "2024-04-04T00:11:00Z",
  "published": "2022-05-24T16:44:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18511"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-04"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2019/dsa-4451"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2019/dsa-4448"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3997-1"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/May/67"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/May/59"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/May/56"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1526218"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1310"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1309"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1308"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1269"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1267"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1265"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-18511 (GCVE-0-2018-18511)

Solution

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature