Variable time processing of cross-origin images during drawImage calls in Mozilla Firefox, Firefox ESR, Thunderbird, Google Chrome, Edge Chromium - CVE-2020-16012| ID: oval:org.secpod.oval:def:67354 | Date: (C)2020-11-18 (M)2024-02-19 |
| Class: VULNERABILITY | Family: macos |
Google Chrome before 87.0.4280.67, Edge Chromium before 87.0.664.41, Mozilla Firefox 83, Mozilla Firefox ESR 78.5 and Mozilla Thunderbird 78.5: When drawing a transparent image on top of an unknown cross-origin image, the Skia library codedrawImage/code function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timing side-channel attacks.
| Platform: |
| Apple Mac OS 14 |
| Apple Mac OS 13 |
| Apple Mac OS 12 |
| Apple Mac OS 11 |
| Apple Mac OS X 10.10 |
| Apple Mac OS X 10.11 |
| Apple Mac OS X 10.12 |
| Apple Mac OS X 10.13 |
| Apple Mac OS X 10.14 |
| Apple Mac OS X 10.15 |
| Product: |
| Mozilla Firefox |
| Mozilla Firefox ESR |
| Mozilla Thunderbird |
| Google Chrome |
| Google Chrome Enterprise |
| Microsoft Edge (Chromium-Based) |
