CVE-2017-5407 - log back

CVE-2017-5407 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Information disclosure
Description
+ Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5407
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1336622
Notes