5
CVSSv2

CVE-2019-9797

Published: 26/04/2019 Updated: 10/06/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Mozilla Firefox could allow a remote malicious user to obtain sensitive information, caused by a cross-origin theft of images with createImageBitmap. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass same-origin policy and obtain sensitive information.

Vulnerability Trend

Affected Products

Vendor Product Versions
MozillaFirefox-, 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.6.1, 0.7, 0.7.1, 0.8, 0.9, 0.9.1, 0.9.2, 0.9.3, 0.10, 0.10.1, 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.4.1, 1.5, 1.5.0.1, 1.5.0.2, 1.5.0.3, 1.5.0.4, 1.5.0.5, 1.5.0.6, 1.5.0.7, 1.5.0.8, 1.5.0.9, 1.5.0.10, 1.5.0.11, 1.5.0.12, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.8, 2.0, 2.0.0.1, 2.0.0.2, 2.0.0.3, 2.0.0.4, 2.0.0.5, 2.0.0.6, 2.0.0.7, 2.0.0.8, 2.0.0.9, 2.0.0.10, 2.0.0.11, 2.0.0.12, 2.0.0.13, 2.0.0.14, 2.0.0.15, 2.0.0.16, 2.0.0.17, 2.0.0.18, 2.0.0.19, 2.0.0.20, 3.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.18, 3.0.19, 3.5, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.5.5, 3.5.6, 3.5.7, 3.5.8, 3.5.9, 3.5.10, 3.5.11, 3.5.12, 3.5.13, 3.5.14, 3.5.15, 3.5.16, 3.5.17, 3.5.18, 3.5.19, 3.6, 3.6.2, 3.6.3, 3.6.4, 3.6.6, 3.6.7, 3.6.8, 3.6.9, 3.6.10, 3.6.11, 3.6.12, 3.6.13, 3.6.14, 3.6.15, 3.6.16, 3.6.17, 3.6.18, 3.6.19, 3.6.20, 3.6.21, 3.6.22, 3.6.23, 3.6.24, 3.6.25, 3.6.26, 3.6.27, 3.6.28, 4.0, 4.0.1, 5.0, 5.0.1, 6.0, 6.0.1, 6.0.2, 7.0, 7.0.1, 8.0, 8.0.1, 9.0, 9.0.1, 10.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 10.0.8, 10.0.9, 10.0.10, 10.0.11, 10.0.12, 11.0, 12.0, 13.0, 13.0.1, 14.0, 14.0.1, 15.0, 15.0.1, 16.0, 16.0.1, 16.0.2, 17.0, 17.0.1, 17.0.2, 17.0.3, 17.0.4, 17.0.5, 17.0.6, 17.0.7, 17.0.8, 17.0.9, 17.0.10, 17.0.11, 18.0, 18.0.1, 18.0.2, 19.0, 19.0.1, 19.0.2, 20.0, 20.0.1, 21.0, 22.0, 23.0, 23.0.1, 24.0, 24.1, 24.1.0, 24.1.1, 24.2.0, 24.3.0, 24.4.0, 24.5.0, 24.6.0, 24.7.0, 24.8.0, 24.8.1, 25.0, 25.0.1, 26.0, 27.0, 27.0.1, 28.0, 29.0, 29.0.1, 30.0, 31.0, 31.1.0, 31.1.1, 31.2.0, 31.3.0, 31.4.0, 31.5.0, 31.5.2, 31.5.3, 31.6.0, 31.7.0, 31.8.0, 32.0, 32.0.1, 32.0.2, 32.0.3, 33.0, 33.0.1, 33.0.2, 33.0.3, 33.1, 33.1.1, 34.0, 34.0.5, 35.0, 35.0.1, 36.0, 36.0.1, 36.0.3, 36.0.4, 37.0, 37.0.1, 37.0.2, 38.0, 38.0.1, 38.0.5, 38.1.0, 38.1.1, 38.2.0, 38.2.1, 38.3.0, 38.4.0, 38.5.0, 38.5.1, 38.5.2, 38.6.0, 38.6.1, 38.7.0, 38.7.1, 38.8.0, 39.0, 39.0.3, 40.0, 40.0.2, 40.0.3, 41.0, 41.0.1, 41.0.2, 42.0, 43.0, 43.0.1, 43.0.2, 43.0.3, 43.0.4, 44.0, 44.0.1, 44.0.2, 45.0, 45.0.1, 45.0.2, 45.1.1, 45.2.0, 45.3.0, 45.4.0, 45.5.0, 45.5.1, 45.6.0, 45.7.0, 45.8.0, 45.9.0, 46.0, 46.0.1, 47.0, 47.0.1, 47.0.2, 48.0, 48.0.1, 48.0.2, 49.0, 49.0.1, 49.0.2, 50.0, 50.0.1, 50.0.2, 51.0, 51.0.1, 52.0, 52.0.1, 52.0.2, 52.1.0, 52.1.1, 52.1.2, 52.2.0, 52.2.1, 52.3.0, 52.4.0, 52.4.1, 52.5.0, 52.5.2, 52.5.3, 52.6.0, 52.7.0, 52.7.1, 52.7.2, 52.7.3, 52.7.4, 52.8.0, 52.8.1, 52.9.0, 53.0, 53.0.2, 53.0.3, 54.0, 54.0.1, 55.0, 55.0.1, 55.0.2, 55.0.3, 56.0, 56.0.1, 56.0.2, 57.0, 57.0.1, 57.0.2, 57.0.3, 57.0.4, 58.0, 58.0.1, 58.0.2, 59.0, 59.0.1, 59.0.2, 59.0.3, 60.0, 60.0.1, 60.0.2, 60.1.0, 60.2.0, 60.2.1, 60.2.2, 60.3.0, 60.4.0, 60.5.0, 60.6.1, 61.0, 61.0.1, 61.0.2, 62.0, 62.0.2, 62.0.3, 63.0, 63.0.1, 63.0.3, 64.0, 64.0.2, 65.0

Vendor Advisories

Impact: Important Public Date: 2019-05-22 CWE: CWE-829 Bugzilla: 1712622: CVE-2019-9797 Mozilla: Cross- ...
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...
Cross-origin images can be read in violation of the same-origin policy, in Firefox before 660, by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element ...
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...
Several security issues were fixed in Thunderbird ...
USN-3918-1 caused a regression in Firefox ...
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code For the stable distribution (stretch), these problems have been fixed in version 6070esr-1~deb9u1 We recommend that you upgrade your firefox-esr packages For the detailed security status of firefox-esr ...
Several security issues were fixed in Firefox ...
USN-3918-1 caused a regression in Firefox ...
Several security issues were fixed in Firefox ...
Multiple security issues have been found in Thunderbird: Multiple vulnerabilities may lead to the execution of arbitrary code or denial of service For the stable distribution (stretch), these problems have been fixed in version 1:6070-1~deb9u1 We recommend that you upgrade your thunderbird packages For the detailed security status of thunderbi ...
Arch Linux Security Advisory ASA-201903-12 ========================================== Severity: Critical Date : 2019-03-20 CVE-ID : CVE-2019-9788 CVE-2019-9789 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796 CVE-2019-9797 CVE-2019-9799 CVE-2019-9802 CVE-2019-9803 CVE-2019-9805 C ...
Security vulnerabilities fixed in Thunderbird 607 Announced May 21, 2019 Impact high Products Thunderbird Fixed in Thunderbird 607 ...
Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693 ) Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691 ) Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element This v ...
Security vulnerabilities fixed in Firefox 66 Announced March 19, 2019 Impact critical Products Firefox Fixed in Firefox 66 ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4451-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff May 24, 2019 wwwdebianorg/security/faq ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4448-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff May 22, 2019 wwwdebianorg/security/faq ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2019-141-01) New mozilla-firefox packages are available for Slackware 142 and -current to fix security issues Here are the details from the Slackware 142 ChangeLog: +--------------------------+ patches/packages/mozilla-firefox-6070esr-i686-1_slack142 ...