External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of <code>data:</code> URLs. This could allow for cross-domain data leakage. External Reference: https://www.mozilla.org/security/announce/2016/mfsa2016-95/#CVE-2016-9900 Acknowledgements: Name: the Mozilla project Upstream: insertscript
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2016:2946 https://rhn.redhat.com/errata/RHSA-2016-2946.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2016:2973 https://rhn.redhat.com/errata/RHSA-2016-2973.html