When drawing a transparent image on top of an unknown cross-origin image, the Skia library `drawImage` function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timing side-channel attacks. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012
Acknowledgments: Name: the Mozilla project Upstream: Aleksejs Popovs
Mozilla advisory links the following (currently non-public) bug as the Mozilla upstream bug for this issue: https://bugzilla.mozilla.org/show_bug.cgi?id=1642028

Using its bug id, it is possible to locate this commit fixing this issue: https://hg.mozilla.org/mozilla-central/rev/48c0f5033c286bd515b6f16e0905ff4ca94faf98

This flaw affects the Skia library bundled with Firefox and Thunderbird. The Skia upstream commit for this issue is: https://skia.googlesource.com/skia/+/5d3314c53ce5c966591f0b02349103f51f986e6e%5E%21/

The Skia library is also bundled with the Google Chrome / Chromium browser, and this issue was corrected there in version 87.0.4280.66: https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html

The Chrome / Chromium bug (also currently non-public) is: https://bugs.chromium.org/p/chromium/issues/detail?id=1088224 This Chromium bug id is referenced from the Skia commit.
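The following is an added, constructed illustration of the class of defect the description above refers to; it is not Skia's code and does not reproduce the actual `drawImage` path or the upstream fix. It models source-over compositing of a fully transparent overlay onto an underlying row of premultiplied RGBA8 pixels. The first variant takes a hypothetical shortcut keyed on the destination pixel, so the amount of work (and hence time) per row tracks the underlying image's content; the second performs identical arithmetic for every pixel, produces the same output, and does work that depends only on the row length. The `slowPathPixels` counter stands in for a timing measurement so the difference can be checked deterministically.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed example (not Skia code): premultiplied RGBA8 pixel.
struct Pixel { uint8_t r, g, b, a; };

// Exact rounded (x * y) / 255 for 8-bit operands.
static inline uint8_t mul255(uint32_t x, uint32_t y) {
    uint32_t p = x * y + 128;
    return static_cast<uint8_t>((p + (p >> 8)) >> 8);
}

// Full source-over arithmetic, premultiplied: out = src + dst * (1 - src.a).
static inline Pixel srcOverPremul(Pixel s, Pixel d) {
    uint32_t inv = 255 - s.a;
    return { static_cast<uint8_t>(s.r + mul255(d.r, inv)),
             static_cast<uint8_t>(s.g + mul255(d.g, inv)),
             static_cast<uint8_t>(s.b + mul255(d.b, inv)),
             static_cast<uint8_t>(s.a + mul255(d.a, inv)) };
}

struct BlendResult {
    std::vector<Pixel> out;
    size_t slowPathPixels;  // proxy for time spent: pixels that ran the multiplies
};

// Variant A (hypothetical content-dependent shortcut): when the underlying
// pixel is fully transparent the result equals the source, so the multiplies
// are skipped. Correct output, but the branch is taken or not depending on
// the underlying image, so row time reveals something about its content.
BlendResult blendWithShortcut(const std::vector<Pixel>& src,
                              const std::vector<Pixel>& dst) {
    BlendResult r{std::vector<Pixel>(src.size()), 0};
    for (size_t i = 0; i < src.size(); ++i) {
        if (dst[i].a == 0) {            // data-dependent branch on cross-origin content
            r.out[i] = src[i];
            continue;
        }
        r.out[i] = srcOverPremul(src[i], dst[i]);
        ++r.slowPathPixels;
    }
    return r;
}

// Variant B (uniform): the same arithmetic for every pixel. Output is
// identical to variant A; work done depends only on the row length.
BlendResult blendUniform(const std::vector<Pixel>& src,
                         const std::vector<Pixel>& dst) {
    BlendResult r{std::vector<Pixel>(src.size()), 0};
    for (size_t i = 0; i < src.size(); ++i) {
        r.out[i] = srcOverPremul(src[i], dst[i]);
        ++r.slowPathPixels;
    }
    return r;
}

bool pixelsEqual(const std::vector<Pixel>& x, const std::vector<Pixel>& y) {
    if (x.size() != y.size()) return false;
    for (size_t i = 0; i < x.size(); ++i)
        if (x[i].r != y[i].r || x[i].g != y[i].g || x[i].b != y[i].b || x[i].a != y[i].a)
            return false;
    return true;
}

// Constructed inputs: a fully transparent overlay of n pixels, and two
// underlying rows, one empty and one with two opaque pixels.
std::vector<Pixel> transparentOverlay(size_t n) { return std::vector<Pixel>(n, Pixel{0, 0, 0, 0}); }
std::vector<Pixel> emptyUnderlying()  { return {{0, 0, 0, 0}, {0, 0, 0, 0}, {0, 0, 0, 0}, {0, 0, 0, 0}}; }
std::vector<Pixel> sampleUnderlying() { return {{255, 0, 0, 255}, {0, 0, 0, 0}, {10, 20, 30, 255}, {0, 0, 0, 0}}; }

int main() {
    std::vector<Pixel> src = transparentOverlay(4);
    std::printf("shortcut, empty dst:  %zu slow-path pixels\n", blendWithShortcut(src, emptyUnderlying()).slowPathPixels);
    std::printf("shortcut, sample dst: %zu slow-path pixels\n", blendWithShortcut(src, sampleUnderlying()).slowPathPixels);
    std::printf("uniform,  empty dst:  %zu slow-path pixels\n", blendUniform(src, emptyUnderlying()).slowPathPixels);
    std::printf("uniform,  sample dst: %zu slow-path pixels\n", blendUniform(src, sampleUnderlying()).slowPathPixels);
    return 0;
}
```

The defender's check is the one the last two assertions below encode: across inputs that differ only in the content the attacker must not learn, the amount of work on the drawing path should be constant, while the pixel output stays byte-for-byte identical. A counter like `slowPathPixels` is a stand-in; in practice the same property is verified by timing the real blit over rows of differing content and confirming the distributions do not separate.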
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:5240 https://access.redhat.com/errata/RHSA-2020:5240
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:5231 https://access.redhat.com/errata/RHSA-2020:5231
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:5233 https://access.redhat.com/errata/RHSA-2020:5233
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:5236 https://access.redhat.com/errata/RHSA-2020:5236
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2020:5232 https://access.redhat.com/errata/RHSA-2020:5232
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2020:5234 https://access.redhat.com/errata/RHSA-2020:5234
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:5238 https://access.redhat.com/errata/RHSA-2020:5238
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:5237 https://access.redhat.com/errata/RHSA-2020:5237
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-16012
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:5235 https://access.redhat.com/errata/RHSA-2020:5235
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:5257 https://access.redhat.com/errata/RHSA-2020:5257
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:5239 https://access.redhat.com/errata/RHSA-2020:5239
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:5314 https://access.redhat.com/errata/RHSA-2020:5314