CVE-2019-9797

Summary

Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 66affected

Weaknesses

  • Cross-origin theft of images with createImageBitmap

ADP Enrichment

CVE Program Container

Additional References

References