Endpoint Vulnerability

SVG filters information disclosure through feDisplacementMap

Description

Mozilla developer Robert O'Callahan reported a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap. This allows displacements to potentially be correlated with values derived from content. This is similar to the previously reported techniques used for SVG timing attacks and could allow for text values to be read across domains, leading to information disclosure.

Affected Products

Firefox,Firefox ESR

References

CVE-2014-1505,