Vulnerability Description
When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled until further review. This vulnerability affects Firefox < 110.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 110.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1437126Issue TrackingVendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1812611ExploitIssue TrackingVendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1813376Issue TrackingPermissions Required
- https://www.mozilla.org/security/advisories/mfsa2023-05/Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1437126Issue TrackingVendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1812611ExploitIssue TrackingVendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1813376Issue TrackingPermissions Required
- https://www.mozilla.org/security/advisories/mfsa2023-05/Vendor Advisory
FAQ
What is CVE-2023-25741?
CVE-2023-25741 is a vulnerability with a CVSS score of 6.5 (MEDIUM). When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern,...
How severe is CVE-2023-25741?
CVE-2023-25741 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-25741?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.