CVE-2019-17014Incorrect Authorization in Mozilla Firefox

CWE-863Incorrect AuthorizationCWE-829Inclusion of Functionality from Untrusted Control Sphere8 documents7 sources
Severity
7.4HIGHNVD
EPSS
0.4%
top 41.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxDebian Firefox
Timeline
PublishedJan 8
Latest updateMay 24

Description

If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak. This vulnerability affects Firefox < 71.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:NExploitability: 2.8 | Impact: 4.0

Affected Packages4 packages

debiandebian/firefox< firefox 71.0-1 (sid)
NVDmozilla/firefox< 71.0
Ubuntumozilla/firefox< 71.0+build5-0ubuntu0.16.04.1+2
CVEListV5mozilla/firefoxbefore 71

🔴Vulnerability Details

2
GHSA
GHSA-6hjw-mppg-6486: If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-or2022-05-24
OSV
CVE-2019-17014: If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-or2019-12-04

📋Vendor Advisories

4
Ubuntu
Firefox vulnerabilities2019-12-13
Ubuntu
Firefox vulnerabilities2019-12-09
Red Hat
Mozilla: Dragging and dropping a cross-origin resource, incorrectly loaded as an image, could result in information disclosure2019-12-03
Debian
CVE-2019-17014: firefox - If an image had not loaded correctly (such as when it is not actually an image),...2019

💬Community

1
Bugzilla
CVE-2019-17014 Mozilla: Dragging and dropping a cross-origin resource, incorrectly loaded as an image, could result in information disclosure2019-12-04