CVE-2023-4045

CVE-2023-4045

Name

CVE-2023-4045

Description

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://www.mozilla.org/security/advisories/mfsa2023-30/
MISC	https://www.mozilla.org/security/advisories/mfsa2023-31/
MISC	https://www.mozilla.org/security/advisories/mfsa2023-29/
MISC	https://bugzilla.mozilla.org/show_bug.cgi?id=1833876
MISC	https://www.debian.org/security/2023/dsa-5464
MISC	https://www.debian.org/security/2023/dsa-5469
MISC	https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html
MISC	https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html

Type

URI

MISC

https://www.mozilla.org/security/advisories/mfsa2023-30/

MISC

https://www.mozilla.org/security/advisories/mfsa2023-31/

MISC

https://www.mozilla.org/security/advisories/mfsa2023-29/

MISC

https://bugzilla.mozilla.org/show_bug.cgi?id=1833876

MISC

https://www.debian.org/security/2023/dsa-5464

MISC

https://www.debian.org/security/2023/dsa-5469

MISC

https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html

MISC

https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:mozilla:firefox::::::::`	firefox	>= None	< 116.0
`cpe:2.3:a:mozilla:firefox_esr::::::::`	firefox_esr	>= 115.0	< 115.1
`cpe:2.3:a:mozilla:firefox_esr::::::::`	firefox_esr	>= 102.0	< 102.14

CPE URI

Source package

Min version

Max version

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

firefox

>= None

< 116.0

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

firefox_esr

>= 115.0

< 115.1

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

firefox_esr

>= 102.0

< 102.14

References

Match rules

Vulnerable and fixed packages