CVE-2020-16012 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Information disclosure
Description	An information disclosure issue has been found in Firefox before 83.0 and chromium before 87.0.4280.66. When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timing side-channel attacks.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1279	firefox	82.0.3-1	83.0-1	Critical	Fixed
AVG-1277	chromium	86.0.4240.193-1	87.0.4280.66-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
17 Nov 2020	ASA-202011-12	AVG-1279	firefox	Critical	multiple issues
17 Nov 2020	ASA-202011-11	AVG-1277	chromium	High	multiple issues

References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-16012 https://bugzilla.mozilla.org/show_bug.cgi?id=1642028