Unrated severityNVD Advisory· Published Apr 26, 2019· Updated Aug 5, 2024

CVE-2018-18511

Description

Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1.

Affected products

osv-coords7 versions
pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweed pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015 pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP1 pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Package%20Hub%2012
< 128.5.1-1.1+ 6 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 60.7.0-lp150.3.54.5
- (no CPE)range: < 92.0-1.2
- (no CPE)range: < 91.1.1-1.1
- (no CPE)range: < 60.7.0-3.33.2
- (no CPE)range: < 60.7.0-3.33.2
- (no CPE)range: < 60.7.2-85.1
Mozilla Corporation/Firefoxv5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.htmlmitrevendor-advisoryx_refsource_SUSE
lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.htmlmitrevendor-advisoryx_refsource_SUSE
lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.htmlmitrevendor-advisoryx_refsource_SUSE
access.redhat.com/errata/RHSA-2019:1265mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2019:1267mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2019:1269mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2019:1308mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2019:1309mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2019:1310mitrevendor-advisoryx_refsource_REDHAT
usn.ubuntu.com/3997-1/mitrevendor-advisoryx_refsource_UBUNTU
www.debian.org/security/2019/dsa-4448mitrevendor-advisoryx_refsource_DEBIAN
www.debian.org/security/2019/dsa-4451mitrevendor-advisoryx_refsource_DEBIAN
bugzilla.mozilla.org/show_bug.cgimitrex_refsource_MISC
lists.debian.org/debian-lts-announce/2019/05/msg00032.htmlmitremailing-listx_refsource_MLIST
lists.debian.org/debian-lts-announce/2019/05/msg00038.htmlmitremailing-listx_refsource_MLIST
seclists.org/bugtraq/2019/May/56mitremailing-listx_refsource_BUGTRAQ
seclists.org/bugtraq/2019/May/59mitremailing-listx_refsource_BUGTRAQ
seclists.org/bugtraq/2019/May/67mitremailing-listx_refsource_BUGTRAQ
www.mozilla.org/security/advisories/mfsa2019-04/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000