CVE-2017-5407

Source
Severity: High
Remote: Yes
Type: Information disclosure
Description
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates the same-origin policy and leads to information disclosure.
Group    Package      Affected  Fixed     Severity  Status  Ticket
AVG-194  firefox      51.0.1-1  52.0-1    Critical  Fixed
AVG-193  thunderbird  45.7.1-3  45.8.0-1  Critical  Fixed
Date         Advisory      Group    Package      Severity  Description
10 Mar 2017  ASA-201703-3  AVG-194  firefox      Critical  multiple issues
10 Mar 2017  ASA-201703-2  AVG-193  thunderbird  Critical  multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5407
https://bugzilla.mozilla.org/show_bug.cgi?id=1336622