CVE-2018-18511

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1.

References

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html

https://access.redhat.com/errata/RHSA-2019:1265

https://access.redhat.com/errata/RHSA-2019:1267

https://access.redhat.com/errata/RHSA-2019:1269

https://access.redhat.com/errata/RHSA-2019:1308

https://access.redhat.com/errata/RHSA-2019:1309

https://access.redhat.com/errata/RHSA-2019:1310

https://bugzilla.mozilla.org/show_bug.cgi?id=1526218

https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html

https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html

https://seclists.org/bugtraq/2019/May/56

https://seclists.org/bugtraq/2019/May/59

https://seclists.org/bugtraq/2019/May/67

https://usn.ubuntu.com/3997-1/

https://www.debian.org/security/2019/dsa-4448

https://www.debian.org/security/2019/dsa-4451

https://www.mozilla.org/security/advisories/mfsa2019-04/

Details

Source: MITRE

Published: 2019-04-26

Updated: 2019-06-10

Type: CWE-200

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Impact Score: 1.4

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:65.0:*:*:*:*:*:*:*

Tenable Plugins

View all (48 total)

IDNameProductFamilySeverity
145688CentOS 8 : firefox (CESA-2019:1269)NessusCentOS Local Security Checks
critical
145630CentOS 8 : thunderbird (CESA-2019:1308)NessusCentOS Local Security Checks
critical
128698NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0178)NessusNewStart CGSL Local Security Checks
critical
128691NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2019-0175)NessusNewStart CGSL Local Security Checks
critical
127589Oracle Linux 8 : thunderbird (ELSA-2019-1308)NessusOracle Linux Local Security Checks
critical
127587Oracle Linux 8 : firefox (ELSA-2019-1269)NessusOracle Linux Local Security Checks
critical
127459NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0169)NessusNewStart CGSL Local Security Checks
critical
127455NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0167)NessusNewStart CGSL Local Security Checks
critical
127439NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0159)NessusNewStart CGSL Local Security Checks
critical
127438NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0158)NessusNewStart CGSL Local Security Checks
critical
127305NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0088)NessusNewStart CGSL Local Security Checks
critical
127304NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0087)NessusNewStart CGSL Local Security Checks
critical
125901Amazon Linux 2 : thunderbird (ALAS-2019-1229)NessusAmazon Linux Local Security Checks
critical
125809openSUSE Security Update : MozillaFirefox (openSUSE-2019-1534)NessusSuSE Local Security Checks
critical
125803CentOS 6 : thunderbird (CESA-2019:1310)NessusCentOS Local Security Checks
critical
125802CentOS 7 : thunderbird (CESA-2019:1309)NessusCentOS Local Security Checks
critical
125716Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20190604)NessusScientific Linux Local Security Checks
critical
125715Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20190604)NessusScientific Linux Local Security Checks
critical
125692RHEL 6 : thunderbird (RHSA-2019:1310)NessusRed Hat Local Security Checks
critical
125691RHEL 7 : thunderbird (RHSA-2019:1309)NessusRed Hat Local Security Checks
critical
125690RHEL 8 : thunderbird (RHSA-2019:1308)NessusRed Hat Local Security Checks
critical
125689Oracle Linux 6 : thunderbird (ELSA-2019-1310)NessusOracle Linux Local Security Checks
critical
125688Oracle Linux 7 : thunderbird (ELSA-2019-1309)NessusOracle Linux Local Security Checks
critical
125669openSUSE Security Update : MozillaThunderbird (openSUSE-2019-1484)NessusSuSE Local Security Checks
critical
125554CentOS 6 : firefox (CESA-2019:1267)NessusCentOS Local Security Checks
critical
125553CentOS 7 : firefox (CESA-2019:1265)NessusCentOS Local Security Checks
critical
125545Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Thunderbird vulnerabilities (USN-3997-1)NessusUbuntu Local Security Checks
critical
125449Scientific Linux Security Update : firefox on SL7.x x86_64 (20190524)NessusScientific Linux Local Security Checks
critical
125447Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20190523)NessusScientific Linux Local Security Checks
critical
125444Oracle Linux 6 : firefox (ELSA-2019-1267)NessusOracle Linux Local Security Checks
critical
125443Oracle Linux 7 : firefox (ELSA-2019-1265)NessusOracle Linux Local Security Checks
critical
125415Debian DSA-4451-1 : thunderbird - security updateNessusDebian Local Security Checks
critical
125412Debian DLA-1806-1 : thunderbird security updateNessusDebian Local Security Checks
critical
125385RHEL 8 : firefox (RHSA-2019:1269)NessusRed Hat Local Security Checks
critical
125383RHEL 6 : firefox (RHSA-2019:1267)NessusRed Hat Local Security Checks
critical
125382RHEL 7 : firefox (RHSA-2019:1265)NessusRed Hat Local Security Checks
critical
125374Debian DLA-1800-1 : firefox-esr security updateNessusDebian Local Security Checks
critical
125363Mozilla Firefox ESR < 60.7NessusWindows
critical
125362Mozilla Firefox ESR < 60.7NessusMacOS X Local Security Checks
critical
125359Mozilla Thunderbird < 60.7NessusWindows
critical
125358Mozilla Thunderbird < 60.7NessusMacOS X Local Security Checks
critical
125343Debian DSA-4448-1 : firefox-esr - security updateNessusDebian Local Security Checks
critical
700733Mozilla Firefox ESR < 60.7 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
700486Mozilla Firefox < 65.0.1 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
122233Mozilla Firefox < 65.0.1NessusWindows
high
122232Mozilla Firefox < 65.0.1NessusMacOS X Local Security Checks
high
122165FreeBSD : mozilla -- multiple vulnerabilities (18211552-f650-4d86-ba4f-e6d5cbfcdbeb)NessusFreeBSD Local Security Checks
high
700742Mozilla Thunderbird < 60.7 Multiple VulnerabilitiesNessus Network MonitorSMTP Clients
high