External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of data: URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Debian_linux | Debian | 9.0 (including) | 9.0 (including) |
Firefox | Ubuntu | devel | * |
Firefox | Ubuntu | precise | * |
Firefox | Ubuntu | trusty | * |
Firefox | Ubuntu | upstream | * |
Firefox | Ubuntu | xenial | * |
Firefox | Ubuntu | yakkety | * |
Thunderbird | Ubuntu | devel | * |
Thunderbird | Ubuntu | precise | * |
Thunderbird | Ubuntu | trusty | * |
Thunderbird | Ubuntu | xenial | * |
Thunderbird | Ubuntu | yakkety | * |
Red Hat Enterprise Linux 5 | RedHat | firefox-0:45.6.0-1.el5_11 | * |
Red Hat Enterprise Linux 5 | RedHat | thunderbird-0:45.6.0-1.el5_11 | * |
Red Hat Enterprise Linux 6 | RedHat | firefox-0:45.6.0-1.el6_8 | * |
Red Hat Enterprise Linux 6 | RedHat | thunderbird-0:45.6.0-1.el6_8 | * |
Red Hat Enterprise Linux 7 | RedHat | firefox-0:45.6.0-1.el7_3 | * |
Red Hat Enterprise Linux 7 | RedHat | thunderbird-0:45.6.0-1.el7_3 | * |