PT-2023-4437 · Mozilla+4 · Firefox+4

Dohyun Lee

Published

2023-01-26

Updated

2025-01-09

CVE-2023-25741

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 110

Description The issue is related to dragging and dropping an image cross-origin, which could potentially leak the image's size. This behavior was introduced in version 109 and caused web compatibility problems, as well as security concerns. As a result, the behavior was disabled until further review. The vulnerability may allow a remote attacker to access confidential data by exploiting a security concern in the web browser's handling of cross-origin image dragging and dropping.

Recommendations For versions prior to 110, update to version 110 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.

Exploit

Fix

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-942CWE-203

Related Identifiers

ALT-PU-2023-1387

ALT-PU-2023-1478

ALT-PU-2023-5754

ALT-PU-2023-6436

ALT-PU-2024-3614

BDU:2023-04822

CVE-2023-25741

OPENSUSE-SU-2024:12753-1

OPENSUSE-SU-2024:14572-1

USN-5880-1

USN-5880-2

Affected Products

Alt Linux

Astra Linux

Firefox

Linuxmint

Ubuntu

PT-2023-4437 · Mozilla+4 · Firefox+4

CVE-2023-25741

Weakness Enumeration

Related Identifiers

Affected Products

References · 1898