CVE-2023-4045

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Weakness

The product does not properly verify that the source of data or communication is valid.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	*	116.0 (excluding)
Firefox_esr	Mozilla	102.0 (including)	102.14 (excluding)
Firefox_esr	Mozilla	115.0 (including)	115.1 (excluding)

https://cwe.mitre.org/data/definitions/111.html
https://cwe.mitre.org/data/definitions/141.html
https://cwe.mitre.org/data/definitions/142.html
https://cwe.mitre.org/data/definitions/160.html
https://cwe.mitre.org/data/definitions/21.html
https://cwe.mitre.org/data/definitions/384.html
https://cwe.mitre.org/data/definitions/385.html
https://cwe.mitre.org/data/definitions/386.html
https://cwe.mitre.org/data/definitions/387.html
https://cwe.mitre.org/data/definitions/388.html
https://cwe.mitre.org/data/definitions/510.html
https://cwe.mitre.org/data/definitions/59.html
https://cwe.mitre.org/data/definitions/60.html
https://cwe.mitre.org/data/definitions/75.html
https://cwe.mitre.org/data/definitions/76.html
https://cwe.mitre.org/data/definitions/89.html

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1833876
https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html
https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html
https://www.debian.org/security/2023/dsa-5464
https://www.debian.org/security/2023/dsa-5469
https://www.mozilla.org/security/advisories/mfsa2023-29/
https://www.mozilla.org/security/advisories/mfsa2023-30/
https://www.mozilla.org/security/advisories/mfsa2023-31/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-4045
CWE	https://cwe.mitre.org/data/definitions/346.html

Origin Validation Error

Weakness

Affected Software

Related Attack Patterns

References