This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019.

Bug 16717 - Security issue with image exclusions
Summary: Security issue with image exclusions
Status: RESOLVED DUPLICATE of bug 16112
Alias: None
Product: CSS
Classification: Unclassified
Component: Exclusions
Version: unspecified
Hardware: PC All
Importance: P2 normal
Target Milestone: ---
Assignee: Vincent Hardy
QA Contact: public-css-bugzilla
Reported: 2012-04-12 21:58 UTC by Vincent Hardy
Modified: 2012-04-25 22:21 UTC

Description Vincent Hardy 2012-04-12 21:58:00 UTC
The use of images as exclusion areas, especially when combined with the shape-image-threshold property, is a security concern because, through script, malicious code could analyze the content of a cross-domain image.

For example, if the attacker uses 1px x 1px inline elements around and inside an image exclusion and uses script to find the position of the element, information about the image will be leaked and will allow reconstruction of a grayscale version of the image.
Comment 1 Alan Stearns 2012-04-25 22:21:53 UTC
Copying the above comment to 16112

*** This bug has been marked as a duplicate of bug 16112 ***