Mozilla Products: SVG filters information disclosure through feDisplacementMap - mfsa2014-28 (Mac OS X)ID: oval:org.secpod.oval:def:17312 | Date: (C)2014-03-21 (M)2023-12-07 |
Class: PATCH | Family: macos |
Mozilla developer Robert O"Callahan reported a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap . This allows displacements to potentially be correlated with values derived from content. This is similar to the previously reported techniques used for SVG timing attacks and could allow for text values to be read across domains, leading to information disclosure.
Platform: |
Apple Mac OS 14 |
Apple Mac OS 13 |
Apple Mac OS 12 |
Apple Mac OS 11 |
Apple Mac OS X 10.15 |
Apple Mac OS X 10.14 |
Apple Mac OS X 10.13 |
Apple Mac OS X 10.11 |
Apple Mac OS X 10.12 |
Product: |
Mozilla Firefox |
Mozilla Firefox ESR |
Mozilla SeaMonkey |
Mozilla Thunderbird |