CVE-2019-9817 log

Source
Severity High
Remote Yes
Type Same-origin policy bypass
Description
In Firefox before 67.0 and Thunderbird before 60.7.0, images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy.
Group Package Affected Fixed Severity Status Ticket
AVG-966 firefox 66.0.5-1 67.0-1 Critical Fixed
AVG-965 thunderbird 60.6.1-2 60.7.0-1 Critical Fixed
Date Advisory Group Package Severity Description
23 May 2019 ASA-201905-9 AVG-966 firefox Critical multiple issues
23 May 2019 ASA-201905-8 AVG-965 thunderbird Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9817
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9817
https://bugzilla.mozilla.org/show_bug.cgi?id=1540221