CVE-2023-25741

When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled until further review. This vulnerability affects Firefox < 110.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1437126	Issue Tracking Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1812611	Exploit Issue Tracking Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1813376	Issue Tracking Permissions Required
https://www.mozilla.org/security/advisories/mfsa2023-05/	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1437126	Issue Tracking Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1812611	Exploit Issue Tracking Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1813376	Issue Tracking Permissions Required
https://www.mozilla.org/security/advisories/mfsa2023-05/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

History

09 Jan 2025, 20:15

Type	Values Removed	Values Added
CWE		CWE-203

Information

Published : 2023-06-02 17:15

Updated : 2025-01-09 20:15

NVD link : CVE-2023-25741

Mitre link : CVE-2023-25741

CVE.ORG link : CVE-2023-25741

JSON object : View

Products Affected

mozilla

firefox

CWE

NVD-CWE-noinfo CWE-203

Observable Discrepancy

{"id": "CVE-2023-25741", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2023-06-02T17:15:11.537", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1437126", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1812611", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1813376", "tags": ["Issue Tracking", "Permissions Required"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1437126", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1812611", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1813376", "tags": ["Issue Tracking", "Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled until further review. This vulnerability affects Firefox < 110."}], "lastModified": "2025-01-09T20:15:30.880", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "811EBB2F-0FAA-49DB-8B16-99341814C3D1", "versionEndExcluding": "110.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}