CVE-2016-9077: Race Condition
Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50.
Other sources
Canvas allows the use of the feDisplacementMap filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations.
Affected Software
Event History
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2016-5296
- CVE-2016-5292
- CVE-2016-5293
- CVE-2016-5294
- CVE-2016-5297
- CVE-2016-9064
- CVE-2016-9065
- CVE-2016-9066
- CVE-2016-9067
- CVE-2016-9068
- CVE-2016-9072
- CVE-2016-9075
- CVE-2016-9077
- CVE-2016-5291
- CVE-2016-5295
- CVE-2016-5298
- CVE-2016-5299
- CVE-2016-9061
- CVE-2016-9062
- CVE-2016-9070
- CVE-2016-9073
- CVE-2016-9074
- CVE-2016-9076
- CVE-2016-9063
- CVE-2016-9071
- CVE-2016-5289
- CVE-2016-5290
Frequently Asked Questions
What is CVE-2016-9077?
CVE-2016-9077 refers to a vulnerability that allows the use of the "feDisplacementMap" filter on cross-origin images in Firefox versions prior to 50.
How does CVE-2016-9077 affect Firefox users?
Firefox users who have a version prior to 50 are affected by CVE-2016-9077.
What is the severity of CVE-2016-9077?
CVE-2016-9077 has a severity rating of high (7) based on its impact.
How can I fix the CVE-2016-9077 vulnerability?
Update your Firefox browser to version 50 or later to patch the CVE-2016-9077 vulnerability.
Where can I find more information about CVE-2016-9077?
You can find more information about CVE-2016-9077 in the following references: [Bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1298552), [Mozilla Security Advisory](https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/), [SecurityFocus](http://www.securityfocus.com/bid/94337).