Main Vulnerability Database Exploits ID:5010 - Exploit for Origin validation error in Mozilla Firefox and Firefox ESR - CVE-2020-16012

ID:5010 - Exploit for Origin validation error in Mozilla Firefox and Firefox ESR - CVE-2020-16012

Published: January 11, 2021

Vulnerability identifier: #VU48460

Vulnerability risk: Medium

CVE-ID: CVE-2020-16012

CWE-ID: CWE-346

Exploitation vector: Remote access

Vulnerable software:
Mozilla Firefox
Firefox ESR

Link to public exploit:

https://github.com/aleksejspopovs/cve-2020-16012

Vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to the way browser handles requests to cross-origin images. When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function takes a variable amount of time depending on the content of the underlying image. This results in cross-origin information exposure of image content through timing side-channel attacks.

Remediation

Install updates from vendor's website.

ID:5010 - Exploit for Origin validation error in Mozilla Firefox and Firefox ESR - CVE-2020-16012

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human