---

CVE-2017-5407 - log back

CVE-2017-5407 created at 25 Sep 2019 19:31:40
Severity	+ High
Remote	+ Remote
Type	+ Information disclosure
Description	+ Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure.
References	+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5407 + https://bugzilla.mozilla.org/show_bug.cgi?id=1336622
Notes