Timing Attack Vulnerability in Cross-Origin Image Rendering with feDisplacementMap Filter in Firefox < 50

Timing Attack Vulnerability in Cross-Origin Image Rendering with feDisplacementMap Filter in Firefox < 50

CVE-2016-9077 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50.

Learn more about our Web Application Penetration Testing UK.