Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
The product does not properly verify that the source of data or communication is valid.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | * | 116.0 (excluding) |
Firefox_esr | Mozilla | 102.0 (including) | 102.14 (excluding) |
Firefox_esr | Mozilla | 115.0 (including) | 115.1 (excluding) |