CVE-2016-9077

Summary

Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 50affected

Weaknesses

  • Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them

ADP Enrichment

CVE Program Container

Additional References

References