The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability bulletin CVE-2018-18511

Firefox: information disclosure via ImageBitmapRenderingContext

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via ImageBitmapRenderingContext of Firefox, in order to obtain sensitive information.
Impacted products: Debian, Fedora, Firefox, Thunderbird, openSUSE Leap, RHEL, SLES, Ubuntu.
Severity of this bulletin: 2/4.
Consequences of an intrusion: data reading.
Hacker's origin: document.
Creation date: 13/02/2019.
Références of this threat: CERTFR-2019-AVI-058, CVE-2018-18511, DLA-1800-1, DSA-4448-1, FEDORA-2019-0a381a82de, FEDORA-2019-3b8d06c61e, FEDORA-2019-7ad9201e59, MFSA-2019-04, MFSA-2019-05, MFSA-2019-14, MFSA-2019-15, openSUSE-SU-2019:1484-1, openSUSE-SU-2019:1534-1, RHSA-2019:1265-01, RHSA-2019:1267-01, RHSA-2019:1269-01, RHSA-2019:1308-01, RHSA-2019:1309-01, RHSA-2019:1310-01, SUSE-SU-2019:1458-1, USN-3896-1, USN-3997-1, VIGILANCE-VUL-28503.

Description of the vulnerability

An attacker can bypass access restrictions to data via ImageBitmapRenderingContext of Firefox, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides network vulnerability patches. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The technology watch team tracks security threats targeting the computer system.