A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a `<canvas>` element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11742
Acknowledgments: Name: the Mozilla project Upstream: Paul Stone
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:2663 https://access.redhat.com/errata/RHSA-2019:2663
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11742
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:2694 https://access.redhat.com/errata/RHSA-2019:2694
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2729 https://access.redhat.com/errata/RHSA-2019:2729
Statement: In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it may present a risk in browser-like contexts.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:2774 https://access.redhat.com/errata/RHSA-2019:2774
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2773 https://access.redhat.com/errata/RHSA-2019:2773
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:2807 https://access.redhat.com/errata/RHSA-2019:2807