Vulnerability CVE-2023-25741: Information

Description

When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled until further review. This vulnerability affects Firefox < 110.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-25741
Published: June 2, 2023
Modified: June 8, 2023

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus110.0.1-alt1127.0-alt1ALT-PU-2023-1387-1316159Fixed
firefoxsisyphus_riscv64110.0.1-alt0.1.rv64126.0-alt0.portALT-PU-2023-2788-1-Fixed
firefoxp10110.0.1-alt0.p10.1118.0.2-alt0.p10.1ALT-PU-2023-1478-1316337Fixed
firefoxc10f1110.0.1-alt0.p10.1112.0.2-alt0.p10.1ALT-PU-2023-1478-1316337Fixed
firefoxp11110.0.1-alt1126.0.1-alt1ALT-PU-2023-1387-1316159Fixed
firefox-esrsisyphus115.2.1-alt1115.11.0-alt1ALT-PU-2023-5754-2329883Fixed
firefox-esrp10115.3.1-alt4115.11.0-alt1ALT-PU-2023-6436-2330014Fixed
firefox-esrc10f1115.8.0-alt0.c10.1115.9.1-alt0.c10.1ALT-PU-2024-3614-2340631Fixed
firefox-esrp11115.2.1-alt1115.11.0-alt1ALT-PU-2023-5754-2329883Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1813376
  • Issue Tracking
  • Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=1437126
  • Issue Tracking
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2023-05/
  • Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1812611
  • Exploit
  • Issue Tracking
  • Vendor Advisory

    1. Configuration 1

      cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
      End excliding
      110.0
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top