

This violates same-origin policy and leads to information disclosure. This can be used to extract history information and read text values across domains. Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This vulnerability affects Firefox < 52 and Thunderbird < 52. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

A buffer overflow read during SVG filter color value operations, resulting in data exposure. This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then be displayed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a potentially exploitable crash. This vulnerability affects Firefox < 55.

A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This vulnerability affects Firefox < 57.

A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. This vulnerability affects Firefox " tags can use "" tags within the SVG data to set cookies for that page.

In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS.
