cbcvebase.
CVE-2023-25741
published 2023-06-02

CVE-2023-25741: When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility…

PriorityP429medium6.5CVSS 3.1
AVNACLPRNUIRSUCHINAN
EPSS
0.77%
51.0th percentile
When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled until further review. This vulnerability affects Firefox < 110.

Affected

8 ranges
VendorProductVersion rangeFixed in
debianfirefox< firefox 110.0-1 (sid)firefox 110.0-1 (sid)
mozillafirefox< 110.0110.0
mozillafirefox
mozillafirefox>= 0 < 110.0+build3-0ubuntu0.18.04.1110.0+build3-0ubuntu0.18.04.1
mozillafirefox>= 0 < 110.0.1+build2-0ubuntu0.18.04.1110.0.1+build2-0ubuntu0.18.04.1
mozillafirefox>= 0 < 110.0+build3-0ubuntu0.20.04.1110.0+build3-0ubuntu0.20.04.1
mozillafirefox>= 0 < 110.0.1+build2-0ubuntu0.20.04.1110.0.1+build2-0ubuntu0.20.04.1
mozillafirefox>= unspecified < 110110

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
osv8.8HIGH
vendor_ubuntu8.8HIGH
vendor_debian6.5MEDIUM
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.