ALAS2-2021-1586 --- thunderbirdID: oval:org.secpod.oval:def:1700530 | Date: (C)2021-01-15 (M)2024-02-19 |
Class: PATCH | Family: unix |
When drawing a transparent image on top of an unknown cross-origin image, the Skia library `drawImage` function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timing side-channel attacks. The Mozilla Foundation Security Advisory describes this flaw as:When a BigInt was right-shifted the backing store was not properly cleared, allowing uninitialized memory to be read. A parsing and event loading mismatch in Firefox"s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox CVE-2020-26951