2170389 – (CVE-2023-25741) CVE-2023-25741 Mozilla: Same-origin policy leak via image drag and drop

Bug 2170389 (CVE-2023-25741) - CVE-2023-25741 Mozilla: Same-origin policy leak via image drag and drop

Summary: CVE-2023-25741 Mozilla: Same-origin policy leak via image drag and drop

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2023-25741
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2156039
TreeView+	depends on / blocked

Reported:	2023-02-16 09:10 UTC by Dhananjay Arunesh
Modified:	2023-02-16 17:59 UTC (History)
CC List:	4 users (show)
Fixed In Version:	firefox 110
Doc Type:	---
Doc Text:	The Mozilla Foundation Security Advisory: When dragging and dropping an image cross-origin, the image size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled until further review.
Clone Of:
Environment:
Last Closed:	2023-02-16 09:31:26 UTC
Embargoed:

Attachments	(Terms of Use)

Description Dhananjay Arunesh 2023-02-16 09:10:31 UTC

When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled until further review.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25741

Note You need to log in before you can comment on or make changes to this bug.