Variable time processing of cross-origin images during drawImage calls in Mozilla Firefox, Firefox ESR, Thunderbird, Google Chrome, Edge Chromium - CVE-2020-16012ID: oval:org.secpod.oval:def:67354 | Date: (C)2020-11-18 (M)2024-02-19 |
Class: VULNERABILITY | Family: macos |
Google Chrome before 87.0.4280.67, Edge Chromium before 87.0.664.41, Mozilla Firefox 83, Mozilla Firefox ESR 78.5 and Mozilla Thunderbird 78.5: When drawing a transparent image on top of an unknown cross-origin image, the Skia library codedrawImage/code function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timing side-channel attacks.
Platform: |
Apple Mac OS 14 |
Apple Mac OS 13 |
Apple Mac OS 12 |
Apple Mac OS 11 |
Apple Mac OS X 10.10 |
Apple Mac OS X 10.11 |
Apple Mac OS X 10.12 |
Apple Mac OS X 10.13 |
Apple Mac OS X 10.14 |
Apple Mac OS X 10.15 |
Product: |
Mozilla Firefox |
Mozilla Firefox ESR |
Mozilla Thunderbird |
Google Chrome |
Google Chrome Enterprise |
Microsoft Edge (Chromium-Based) |