Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
References
Link | Resource |
---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1833876 | Issue Tracking Permissions Required |
https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html | |
https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html | |
https://www.debian.org/security/2023/dsa-5464 | Third Party Advisory |
https://www.debian.org/security/2023/dsa-5469 | Third Party Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-29/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-30/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-31/ | Vendor Advisory |
Configurations
History
21 Oct 2024, 19:24
Type | Values Removed | Values Added |
---|---|---|
CPE |
09 Aug 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Aug 2023, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Aug 2023, 14:16
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
References | (MISC) https://www.mozilla.org/security/advisories/mfsa2023-31/ - Vendor Advisory | |
References | (MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1833876 - Issue Tracking, Permissions Required | |
References | (MISC) https://www.debian.org/security/2023/dsa-5464 - Third Party Advisory | |
References | (MISC) https://www.mozilla.org/security/advisories/mfsa2023-30/ - Vendor Advisory | |
References | (MISC) https://www.mozilla.org/security/advisories/mfsa2023-29/ - Vendor Advisory | |
References | (MISC) https://www.debian.org/security/2023/dsa-5469 - Third Party Advisory | |
CWE | CWE-346 | |
CPE | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* |
07 Aug 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Aug 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Aug 2023, 15:25
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-01 15:15
Updated : 2024-10-21 19:24
NVD link : CVE-2023-4045
Mitre link : CVE-2023-4045
CVE.ORG link : CVE-2023-4045
JSON object : View
Products Affected
debian
- debian_linux
mozilla
- firefox
CWE
CWE-346
Origin Validation Error