CVE-2023-4045 — Origin Validation Error in Mozilla Firefox
Severity
5.3MEDIUMNVD
EPSS
0.3%
top 44.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 1
Latest updateSep 4
Description
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4
Affected Packages4 packages
Also affects: Debian Linux 11.0, 12.0
🔴Vulnerability Details
5OSV▶
CVE-2023-4045: Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-↗2023-08-01
GHSA▶
GHSA-85vg-hqhq-qvx3: Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-↗2023-08-01
CVEList▶
CVE-2023-4045: Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-↗2023-08-01
📋Vendor Advisories
9Debian▶
CVE-2023-4045: firefox - Offscreen Canvas did not properly track cross-origin tainting, which could have ...↗2023