A flaw was found in Firefox version 65. Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. Note: This only affects Firefox 65. Previous versions are unaffected. Upstream Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1526218 External References: https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/#CVE-2018-18511
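Added example (not part of the original report and not Firefox code): a simplified Node.js model of the canvas origin-clean rule from the HTML specification, the invariant that the same-origin policy relies on here. The class names, function names and the `propagateTaint` switch are hypothetical; the switch only shows what a broken invariant looks like and does not describe Firefox's actual defect.

```javascript
// Simplified model: a bitmap is "origin-clean" only if it came from the page's
// own origin (CORS-approved images are ignored here for brevity).
class SecurityError extends Error {}

// Constructed sample input: a decoded image tagged with where it was fetched from.
function makeImageBitmap(imageOrigin, pageOrigin, pixels) {
  return { pixels, originClean: imageOrigin === pageOrigin };
}

class ModelCanvas {
  constructor({ propagateTaint = true } = {}) {
    this.pixels = null;
    this.originClean = true;               // a fresh canvas starts clean
    this.propagateTaint = propagateTaint;  // hypothetical switch for the demo
  }
  // Transferring a bitmap must carry its origin-clean flag onto the canvas.
  transferFromImageBitmap(bitmap) {
    this.pixels = bitmap.pixels;
    if (this.propagateTaint) this.originClean = bitmap.originClean;
  }
  // Every read-back API has to refuse a canvas that is not origin-clean.
  toDataURL() {
    if (!this.originClean) throw new SecurityError("canvas is not origin-clean");
    return "data:model;" + this.pixels;
  }
}

function canRead(canvas) {
  try { canvas.toDataURL(); return true; }
  catch (e) { if (e instanceof SecurityError) return false; throw e; }
}

// Regression-style check: after a cross-origin transfer, read-back must fail.
function crossOriginReadbackBlocked(propagateTaint) {
  const page = "https://app.example";      // constructed origins
  const bitmap = makeImageBitmap("https://other.example", page, "PIXELS");
  const canvas = new ModelCanvas({ propagateTaint });
  canvas.transferFromImageBitmap(bitmap);
  return !canRead(canvas);
}

// Same-origin content must stay readable, so the check is not over-blocking.
function sameOriginReadable() {
  const page = "https://app.example";
  const canvas = new ModelCanvas();
  canvas.transferFromImageBitmap(makeImageBitmap(page, page, "PIXELS"));
  return canRead(canvas);
}
```

The same three assertions (cross-origin blocked, same-origin readable, no silent pass when the flag is dropped) are what a browser-level regression test for this class of bug would check.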
Issue is fixed in Firefox 65.0.1, which is not yet available in the repos. Reference bug: https://bugzilla.redhat.com/show_bug.cgi?id=1676712
I think we can close this one, because Firefox 66 is already available in the repos.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:1265 https://access.redhat.com/errata/RHSA-2019:1265
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:1267 https://access.redhat.com/errata/RHSA-2019:1267
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:1269 https://access.redhat.com/errata/RHSA-2019:1269
Statement: In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:1308 https://access.redhat.com/errata/RHSA-2019:1308
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:1309 https://access.redhat.com/errata/RHSA-2019:1309
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:1310 https://access.redhat.com/errata/RHSA-2019:1310