Bug 2170389 (CVE-2023-25741)
| Summary: | CVE-2023-25741 Mozilla: Same-origin policy leak via image drag and drop | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | erack, jhorak, stransky, tpopela |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | firefox 110 | Doc Type: | --- |
| Doc Text: |
The Mozilla Foundation Security Advisory: When dragging and dropping an image cross-origin, the image size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled until further review.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-02-16 09:31:26 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2156039 | ||
|
Description
Dhananjay Arunesh
2023-02-16 09:10:31 UTC
|